CRBR Encryptor Ransomware

The CRBR Encryptor Ransomware seems to be a variant of Cerber 6, a ransomware Trojan that was turned into a RaaS (Ransomware as a Service) platform recently. The CRBR Encryptor Ransomware is only a version of the infamous Cerber ransomware family that was modified slightly, which is the most disseminated and active ransomware family today. There is little to differentiate the CRBR Encryptor Ransomware from the many other ransomware Trojans active currently, and it is identical to the Cerber family variants virtually. The CRBR Encryptor Ransomware will mark the encrypted files with an extension made up of four random characters. The CRBR Encryptor Ransomware displays its ransom note using a program window with the title 'Crbr Encryptor Instructions.' This ransom note notifies the victim of the attack and demands the payment of a ransom.

How the CRBR Encryptor Ransomware may be Distributed

The CRBR Encryptor Ransomware and other Cerber variants can be distributed in a wide variety of ways. The following methods have been used to distribute the variants of the CRBR Encryptor Ransomware:

• The CRBR Encryptor Ransomware may be distributed using attack websites, which will use exploit kits to distribute threats like the CRBR Encryptor Ransomware to visitors. The CRBR Encryptor Ransomware, in particular, has been linked to attacks using the Magnitude Exploit Kit.
• The CRBR Encryptor Ransomware and other ransomware Trojans may be distributed using corrupted Microsoft Word Documents, which will include compromised macros that download and install the CRBR Encryptor Ransomware onto the victim's computer and may be delivered through the use of spam email messages.
• The CRBR Encryptor Ransomware also may be distributed through email attachments claiming to be PDF files, but are executable files or JavaScript files that use a double extension to hide their true nature from the victim.

The not that Cheap Ransom Demanded by theCRBR Encryptor Ransomware

The CRBR Encryptor Ransomware is among the most threatening and sophisticated ransomware Trojans. This is because the CRBR Encryptor Ransomware combines a strong encryption (RSA 2048) with a large distribution network, which includes its RaaS platform.) During its attack, the CRBR Encryptor Ransomware will delete the Windows Shadow Volume Copies and the Windows Restore points, preventing victims from recovering their files. The CRBR Encryptor Ransomware will target a wide variety of file types, which may include the following:

.r3d, .rwl, .rx2, .p12, .sbs, .sldasm, .wps, .sldprt, .odc, .odb, .old, .nbd, .nx1, .nrw, .orf, .ppt, .mov, .mpeg, .csv, .mdb, .cer, .arj, .ods, .mkv, .avi, .odt, .pdf, .docx, .gzip, .m2v, .cpt, .raw, .cdr, .cdx, .1cd, .3gp, .7z, .rar, .db3, .zip, .xlsx, .xls, .rtf, .doc, .jpeg, .jpg, .psd, .zip, .ert, .bak, .xml, .cf, .mdf, .fil, .spr, .accdb, .abf, .a3d, .asm, .fbx, .fbw, .fbk, .fdb, .fbf, .max, .m3d, .dbf, .ldf, .keystore, .iv2i, .gbk, .gho, .sn1, .sna, .spf, .sr2, .srf, .srw, .tis, .tbl, .x3f, .ods, .pef, .pptm, .txt, .pst, .ptx, .pz3, .mp3, .odp, .qic, .wps.

The CRBR Encryptor Ransomware will change the infected filenames by encrypting the filenames using a base-64 algorithm and adding a file extension made of up of four random characters to the end of each affected file's name. The CRBR Encryptor Ransomware's ransom note is delivered in a file named '_R_E_A_D___T_H_I_S___[RANDOM CHARS]_.hta' and '_R_E_A_D___T_H_I_S___[RANDOM CHARS]_.txt,' both dropped on the infected computer's desktop. The CRBR Encryptor Ransomware ransom note will tell victims to download the TOR browser to pay the CRBR Encryptor Ransomware ransom anonymously (it will be around 0.5 BTC, about $1250 USD at the current exchange rate).

Protecting Your Data from Threats Like the CRBR Encryptor Ransomware

The best protection against the CRBR Encryptor Ransomware and the many other Cerber ransomware variants is to have backups of your files. Having backups of the files on the cloud or an external memory device, makes the people responsible for the CRBR Encryptor Ransomware attack lose any leverage they have over the victim, enabling them to demand a ransom payment. Beside having file backups, PC security researchers also advise computer users to take steps to protect their machines with a reliable security program.

SpyHunter Detects & Remove CRBR Encryptor Ransomware