Craftul Ransomware
Malware experts have spotted a new data-locking Trojan recently. It is called the Craftul Ransomware and does not appear to be a variant of any of the popular ransomware threats.
Cybersecurity researchers have been unable to confirm what the exact infection vectors employed in the spreading of the Craftul Ransomware are. Some believe that spam email campaigns, infected pirated software, and faux application updates may be among the propagation methods used by the authors of the Craftul Ransomware to spread their creation. If the users fall for the tricks of the Craftul Ransomware and give it access to their systems, this file-encrypting Trojan will begin scanning the infiltrated machine immediately. The goal of the scan is to determine the locations of the files, which will be locked later. When the scan is completed, the Craftul Ransomware will start encrypting the targeted files. Upon encryption, the names of the affected files will be altered.
The Craftul Ransomware adds a '.craftul' extension to the locked files. This means that a file, which was named 'mama-cat.jpeg' originally will be renamed to 'mama-cat.jpeg.craftul.' The next action taken by the Craftul Ransomware will be dropping the ransom note. This threat's ransom note is called 'FilesInfo.txt.' In the note, the authors of the Craftul Ransomware claim that they have used the RSA-1024 encryption algorithm to lock the victim's data. The attackers also offer to unlock one or two files for free. This is an ordinary tactic used by ransomware authors as it would show the victim that they are capable of decrypting the data. The cyber crooks also threated to double the ransom fee if the victim fails to pay up in 72 hours. Two emails are provided for the user to get in touch with the attackers – 'helpmegetfiles@protonmail.ch' and 'GFgfsdfsf4545sd@bigmir.net.'
We advise you strongly never to contact cybercriminals, as nothing good can come out of it. Instead, you should obtain a legitimate anti-malware application, which would clear your system off the Craftul Ransomware.
