Cradle Ransomware

The Cradle Ransomware is a ransomware Trojan that was first observed in April 2017. The Cradle Ransomware receives its name because it marks the affected files with the file extension '.cradle.' Like most encryption ransomware Trojans, the Cradle Ransomware is designed to use a strong encryption algorithm to make the victim's files inaccessible by encrypting them. The Cradle Ransomware then demands that the victim pays a ransom in exchange for the decryption key needed to recover the affected files. The Cradle Ransomware may be distributed through the use of corrupted email attachments that use corrupted text files to run corrupted macro scripts on the victims' computers. These macros download and install the Cradle Ransomware on the victim's computer.

The Cradle that was Created to Harm Your Files

Once the Cradle Ransomware enters a computer, it makes a list of files to be encrypted on the victim's computer. The Cradle Ransomware uses the AES-256 encryption to take over the victim's computer. the Cradle Ransomware will target a wide variety of file types in its attacks, including the following:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, ,DOC, .EPUB, .DOCX .FB2, .FLV, .GIF, .GZ, .ISO .IBOOKS,.JPEG, .JPG, .KEY, .MDB .MD2, .MDF, .MHT, .MOBI .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

When the Cradle Ransomware encrypts a file, it will become inaccessible without the decryption key, which the con artists hold in their possession. The Cradle Ransomware drops a file on the victim's Desktop. This file, named '_HOW_TO_UNLOCK_FILES_.html' includes the following instructions for payment:

'Unlock Your Files
You are here because your files are locked with military-grade encryption! To unlock your files you must purchase the decryption software. It is the only wav to restore your files.
As soon as payment is received, a software download button will appear on this page. Only software from this site can unlock vour files! To bookmark this page press [Ctrl+D].
Payment ID: 5X9
Website: [TOR-based site]
Price: 0.25 Bitcoins
Bitcoin Address: [RANDOM CHARACTERS]
Time Left: [7 DAY COUNTDOWN]
Follow these instructions carefully:
1. Payment must be made in Bitcoin currency. No other form of payment is accepted.
2. Time is running out! The price will double when the time expires!
3. After 14 days of nonpayment, vour files will be locked forever!!!
4. DO NOT attempt to restore the files yourself! You WILL destory them if you try.
5. Purchase 0.25 Bitcoins and send to 1Khk3pcJGYSnBmPF3D3JyblA5yh8ztHN7P
6. Return to this page and download the software.
7. Confirmation of payment can take up to 1 hour. Be patient and check back often.'

Dealing with the Cradle Ransomware Infection

It is clear that the people responsible for the Cradle Ransomware attack rely on fear to convince victims that they must pay the 0.25 Bitcoin ($300 USD) ransom. However, it is unlikely that the con artists will restore the victim's files after the payment has been made. Instead of paying, malware analysts strongly advise computer users to use a reliable security program that is fully up-to-date to remove the Cradle Ransomware and prevent future attacks. The best way to recover the files affected by the Cradle Ransomware is to recover them from a backup copy. This is why having backups on an offline device or the cloud is the best protection against threats like the Cradle Ransomware and the many other ransomware Trojans that use a similar attack method. Security experts strongly advise computer users to use a reliable security program and have backup copies of all files to become invulnerable to these attacks in the future completely.

SpyHunter Detects & Remove Cradle Ransomware