
Crash Ransomware

By CagedTech in Ransomware

Ransomware threats are growing in popularity as cybercriminals all over the world are encouraged to try their luck by cases like that of the Florida town that paid hackers a $600,000 ransom at the end of June 2019. It is therefore not surprising that new ransomware threats are detected on a daily basis. One of the most recently spotted is the Crash Ransomware. When malware researchers dissected this data-locking Trojan, they found that it belongs to the widely popular Dharma Ransomware family.

Infecting Your System

It is believed that the authors of the Crash Ransomware may be using fake application updates, corrupted pirated software, and spam emails containing infected attachments as infection vectors. However, cybersecurity experts have not been able to pinpoint the exact propagation method used to spread this new file-encrypting Trojan. The Crash Ransomware triggers a scan as soon as it penetrates the targeted system. This scan locates the files that the Crash Ransomware will later lock. The next step of the attack is the encryption process. Once the Crash Ransomware encrypts a file, it changes its extension. Like most variants of the Dharma Ransomware, the Crash Ransomware follows a fixed pattern when renaming encrypted files, appending ‘.id-.[ii05635@aol.com].crash’ to the file name.

The Ransom Note

Once encryption is complete, the Crash Ransomware takes the next step: dropping the ransom note. The name of the ransom note is likely either ‘FILES ENCRYPTED.txt’ or ‘info.hta’, as these are the names used by most data-encrypting Trojans that belong to the Dharma Ransomware family. The authors of the Crash Ransomware give out an email address, ‘ii05635@aol.com’, and demand to be contacted there.
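The renaming pattern and ransom note names described above are enough to triage a file listing from an affected host. The following is an added example, not code from the original article: the function names and the sample listing are constructed for illustration, and the pattern assumes a victim ID token may appear between ‘id-’ and ‘.[’ even though the article shows none.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Suffix as given in the article: '.id-.[ii05635@aol.com].crash'. Assumption: a
# victim ID token (possibly empty) may sit between 'id-' and '.['.
CRASH_SUFFIX = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^./\\\[\]]*)"
    r"\.\[ii05635@aol\.com\]\.crash$",
    re.IGNORECASE,
)
# Note names the article lists as likely for Dharma-family variants.
NOTE_NAMES = {"files encrypted.txt", "info.hta"}


def triage(paths):
    """Sort a file listing into renamed files, ransom notes and untouched files per directory."""
    report = defaultdict(lambda: {"encrypted": [], "notes": [], "untouched": 0})
    for raw in paths:
        p = PurePosixPath(raw.replace("\\", "/"))  # accept Windows or POSIX separators
        entry = report[str(p.parent)]
        m = CRASH_SUFFIX.match(p.name)
        if m:  # keep the original file name so backups can be matched to it
            entry["encrypted"].append((m.group("original"), m.group("victim_id")))
        elif p.name.lower() in NOTE_NAMES:
            entry["notes"].append(p.name)
        else:
            entry["untouched"] += 1
    return dict(report)


def affected_dirs(report):
    """Directories with at least one renamed file, worst hit first."""
    hit = [(d, len(e["encrypted"])) for d, e in report.items() if e["encrypted"]]
    return sorted(hit, key=lambda t: (-t[1], t[0]))


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-.[ii05635@aol.com].crash",
    r"C:\Users\alice\Documents\notes.docx.id-EXAMPLE01.[ii05635@aol.com].crash",
    r"C:\Users\alice\Documents\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Pictures\cat.jpg",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Desktop\crash.log",
]

if __name__ == "__main__":
    print(affected_dirs(triage(SAMPLE)))
```

A ransom note in a directory with no renamed files, as on the sample Desktop, is still worth recording because it shows where the Trojan ran.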

It is always better to keep your distance from cybercriminals like the authors of the Crash Ransomware. Not much can be gained by trying to reason with individuals who clearly lack a conscience. It is safer to download and install a legitimate anti-spyware tool, which will clear your system of the Crash Ransomware.
