CrazyCrypt Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 6 |
| First Seen: | March 13, 2019 |
| Last Seen: | April 9, 2019 |
| OS(es) Affected: | Windows |
The CrazyCrypt Ransomware is an encryption ransomware Trojan that seems to combine elements of numerous other encryption ransomware Trojans in its attack. The CrazyCrypt Ransomware seems to be based on the Cry128 Ransomware with numerous other additions. The CrazyCrypt Ransomware seems to include a control panel that has been linked to HiddenTear Ransomware variants and displays a ransom demand that seems to be linked to Jigsaw Ransomware variants. The CrazyCrypt Ransomware carries out a typical encryption ransomware attack, taking the victim's files hostage so that, to have their data back to normal, the victims must pay a ransom.
The CrazyCrypt Ransomware will Drive Its Victims Crazy
The CrazyCrypt Ransomware is distributed via corrupted spam email attachments, as well as through bogus file downloads. Once installed, the CrazyCrypt Ransomware uses an encryption ransomware Trojan to make the victim's files inaccessible. The CrazyCrypt Ransomware can be detected and intercepted by most of the security software in many cases, which stresses the importance of using a good security program to protect your computer. The following are examples of the files that the CrazyCrypt Ransomware will encrypt in its attack:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The files encrypted by the attack will be marked with the file extension '.[email address].crazy,' which is added to each affected file's name. The CrazyCrypt Ransomware attack has been linked to numerous email addresses.
The CrazyCrypt Ransomware's Ransom Demands
The CrazyCrypt Ransomware delivers a ransom note in the form of a text file named 'FILES ENCRYPTED.txt' dropped on the infected computer's desktop. The CrazyCrypt Ransomware ransom note contains the following text:
'all your data has been locked us
You want to return?
write email: decryptcrazy@gmail.com
and tell us your unique ID: [random characters]'
The CrazyCrypt Ransomware also displays a pop-up window with the following message:
'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC.
If you want to restore them, Write us to the e-mail:
decryptcrazy@gmail.com
[Cadastrar_Cliente]
Write this ID in the title of your message: E49AD***
The cost of decryption is US $500.
We receive payment only in BITCOINS.
After payment, we will send you the decryption key that will decrypt all your files.
Decryption process:
To decrypt the files, transfer money to our bitcoin wallet number:
1MmVistFXCoHVQTxsin5r5nAu5h3PocdDv
After payment we will send you the decryption key
Detailed instruction for decryption.
The easiest way to buy bitcoins: https://localbitcoins.com/
Enter Decryption Key Here: [text box]
[I made a payment, now give me my files back|BUTTON]
(Crazy Crypt Online)'
Computer users should not pay the CrazyCrypt Ransomware ransom and avoid contacting the criminals responsible for the CrazyCrypt Ransomware attack.
