CorruptCrypt Ransomware

By GoldSparrow in Ransomware

The CorruptCrypt Ransomware is an encryption ransomware Trojan that was first observed on November 17, 2017. It was created using an open source file encryption engine. The attack targets English speakers, although nothing prevents the CorruptCrypt Ransomware from spreading to regions outside of its primary targets. The CorruptCrypt Ransomware infects computers running the Windows operating system and seems to spread primarily through corrupted spam email attachments, a common method for delivering ransomware Trojans. Victims receive a phishing email disguised as a message from a legitimate source and containing a corrupted file attachment in the form of a Microsoft Word document or a similar file type. These files contain corrupted macro scripts that download and install the CorruptCrypt Ransomware onto the victim's computer when the victim opens them.

Some Details about the CorruptCrypt Ransomware Attack

Once the CorruptCrypt Ransomware has encrypted the victim's files with a combination of AES-256 and RSA encryption, these files will no longer be accessible and will show up with blank icons in Windows Explorer. The CorruptCrypt Ransomware may mark the files it encrypts by appending a new file extension, such as '.acryhjccbb@protonmail.com' or '.corrupt', to the end of each affected file's name. The CorruptCrypt Ransomware and similar threats target user-generated files while avoiding Windows system files, since the victim's operating system must remain functional enough to display a ransom note and for the victim to pay the ransom. Some of the file types that are typically targeted in these attacks include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip

The CorruptCrypt Ransomware will deliver a text file named 'Decryption Key.txt' on the victim's desktop after encrypting the victim's files. This file contains the following text:

'-----BEGIN RSA PUBLIC KEY-----
f6QBx5LHlJfR90HWz/K5dkyXVyaXh1kBIIHZJOzkwOBuhBHmNMV+nTweQMaJiHXFprGvte7u4ZXV2OgAeZFhUp+5mJIthF0XacluCIMSY4f951MzAqAEjTgIuNTfdJ1+FUvVBIxxspvBnaNTQ7J9pTzP9PLMon2ofiWu/pwvt22xBSDgctwc6tRNhL6b
-----END RSA PUBLIC KEY-----'

One curious aspect of the CorruptCrypt Ransomware is that it also writes random data to the victim's drives. This means that the CorruptCrypt Ransomware will overwrite free space on the infected computer, which could cause the affected computer to become unstable. Unfortunately, the files encrypted by these attacks can almost never be restored, so computer users need to take preventive measures in advance to keep their data safe from these attacks.
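The indicators described in this section (the appended extensions and the 'Decryption Key.txt' note) can be used to triage a suspect machine or a backup before restoring from it. The following is an added example, not code from the original article or from any vendor tool; the function names and the sample tree built in demo() are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators as reported in the description above.
MARKER_EXTENSIONS = (".acryhjccbb@protonmail.com", ".corrupt")
NOTE_NAME = "Decryption Key.txt"
NOTE_HEADER = b"-----BEGIN RSA PUBLIC KEY-----"

def triage(root):
    """Walk root; return marked files, ransom notes and original file types."""
    marked, notes, types = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME.lower():
                try:  # count the note only if it carries the key header
                    with open(path, "rb") as fh:
                        if NOTE_HEADER in fh.read(4096):
                            notes.append(path)
                except OSError:
                    pass  # unreadable file: skip it and keep scanning
                continue
            for marker in MARKER_EXTENSIONS:
                if lower.endswith(marker) and len(name) > len(marker):
                    original = name[: -len(marker)]  # name before the marker
                    ext = os.path.splitext(original)[1].lower() or "(none)"
                    marked.append(path)
                    types[ext] += 1
                    break
    return {"marked": marked, "notes": notes, "original_types": dict(types)}

def demo():
    """Run triage over a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as root:
        desktop = os.path.join(root, "Desktop")
        os.makedirs(desktop)
        samples = {"report.docx.corrupt": b"x", "notes.txt": b"clean",
                   "photo.jpg.acryhjccbb@protonmail.com": b"x",
                   NOTE_NAME: NOTE_HEADER + b"\n(constructed)\n"}
        for name, data in samples.items():
            with open(os.path.join(desktop, name), "wb") as fh:
                fh.write(data)
        r = triage(root)
        return len(r["marked"]), len(r["notes"]), r["original_types"]

if __name__ == "__main__":
    print(demo())
```

The per-type counts show which kinds of user files were hit, which helps decide what to pull from backup first.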

Protecting Your Data from Attacks Like the CorruptCrypt Ransomware

It is highly advised that computer users take preventive steps against threats like the CorruptCrypt Ransomware. There are several things computer users can do to ensure that their files are safe from these attacks. The single best option for most computer users is to have file backups. Having backup copies of all files on an external device or in another safe place means that computer users can restore their files after an attack without having to contact the cybercrooks or negotiate a ransom payment. Also, a reliable malware removal program that is fully up to date can help remove the CorruptCrypt Ransomware.
