Craze Ransomware

Users have another potent malware threat to worry about. Cybersecurity researchers have uncovered the Craze Ransomware and, according to their findings, it can impact a large set of file types. Victims of the threat will have their data encrypted with a sufficiently strong cryptographic algorithm and will no longer be able to access the locked files. As part of its actions, the malware also will modify the names of the encrypted files, by appending a new file extension to them. However, instead of picking just one signature file extension, the Craze Ransomware generates a different 4-character string for each file. Afterward, affected users will be left with a ransom note contained inside a newly generated text file named 'RESTORE-MY-FILES.TXT.' The desktop background image of the system also will be substituted with a new one provided by the malware.

Ransom Note's Overview

Reading the note reveals that the operators of the Craze Ransomware demand to receive a hefty ransom of exactly 20 ETH (Ethereum). At the current exchange rate of the Ethereum cryptocurrency, the ransom amounts to nearly $40, 000. After receiving the money into their crypto-wallet, the hackers promise to send back the decryption key necessary for the restoration of the data.

They even state their willingness to unlock up to three of their victim's files for free. According to the note, affected users have just 7 days to pay up, after which the decryption key will stop working, leaving the files locked permanently. The email address intended to act as a communication channel between the threat actors and their victims is 'encrypt-craze@protonmail.com.'

The full text of Craze Ransomware's message is:

'All of your important files are encrypted!
Any attempts to restore your files with the third-party software will be fatal for your files.

YOU CAN ONLY RESTORE YOUR FILES AND DATA BY BUYING THE PRIVATE KEY FROM US.

For more details, you must follow these steps to decrypt your files:

1) Write to our email: encrypt-craze@protonmail.com (If you want to test the decryption, also send with your 3 files as an example, so we can decrypt and restoring it for you. Expect reply from us in 24-48 hours.)

2) Send 20 ETH (Ethereum) to this address: 0x429b77DF45e3e0C3D86d8464DD3F9Cb18a861ad4

3) If you have transferred the ETH, send us confirmation email. After we have confirmed the funds on the blockchain, we will send the private key so you can fully decrypt/restore all of your files by yourself. (We will also include the tutorial how to do it.)

You have 7 days to restore your encrypted files. If in 7 days we still didn't receive the funds, the files will be permanently encrypted, our private key will then no longer work.

Negotiate are accepted, just write to our email above.'