
crDypted Ransomware

Cybercriminals have unleashed another nefarious ransomware threat designed to lock the data found on infected computers. Named the crDypted Ransomware, the threat appears to be targeting both English- and Russian-speaking users. Analysis has revealed that it follows typical ransomware behavior.

The threat will execute an encryption routine that will go over the files on the breached device and lock those that match the targeted file types. As a result, victims will lose access to their personal or work-related documents, PDFs, archives, databases, etc. Each locked file will be marked through the addition of '.crDypted000007' as a new file extension.

The malware will deliver two ransom notes to the compromised computers. The main note will be delivered as a newly-created text file named 'README1.txt.' The other message is shown in an image that will be set as the new desktop wallpaper. It should be noted that the crDypted Ransomware also creates a new user profile on the system named 'Hack.'

Demands Overview

Both the text file and the background image carry the same message twice, once in Russian and once in English. The wallpaper instructions simply tell crDypted Ransomware's victims to open the text file for more details on how to decrypt the affected files. The information in the text file states that the first action undertaken by affected users should be to send the code shown in the note to the cybercriminals. The message can be sent as an email to the 'krakinrf@yandex.ua' address or by contacting the '@vicedark' Telegram account. Afterward, users are told to wait for additional instructions.

The ransom note in the text file is:

'Ваши файлы были зашифрованы.
Чтобы расшифровать их, Вам необходимо отправить код:
C99694747CD5001F657F|346|2|2
на электронный адрес krakinrf@yandex.ua/Телеграмм @vicedark
Далее вы получите все необходимые инструкции.
Попытки расшифровать самостоятельно не приведут ни к чему, кроме безвозвратной потери информации.
'

'All the important files on your computer were encrypted.
To decrypt the files you should send the following code:
C99694747CD5001F657F|346|2|2
to e-mail address krakinrf@yandex.ua/Telegram @vicedark
Then you will receive all necessary instructions.
All the attempts of decryption by yourself will result only in irrevocable loss of your data.
'

The wallpaper messages are:

'ВНИМАНИЕ!
Все важные файлы на всех дисках вашего компьютера были зашифрованы.
Подробности вы можете прочитать в файлах README.txt, которые можно найти на любом из дисков.
'

'ATTENTION!
All the important files on your disks were encrypted.
The details can be found in README.txt files which you can find on any of your disks.
'
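
The indicators described above (the '.crDypted000007' extension, the README note with its contact addresses and code, and the 'Hack' profile) can be checked with a read-only triage pass. The following is an added example, not code from the original page; the function names, the code pattern inferred from the single sample in the note, and the idea of looking for a 'Hack' folder under the users directory are assumptions, and the sample tree is constructed.

```python
import os
import re
import tempfile

EXT = ".crdypted000007"                       # appended extension (article), lower-cased
NOTE_RE = re.compile(r"^readme\d*\.txt$", re.I)       # README1.txt / README.txt
CODE_RE = re.compile(r"\b[0-9A-F]{8,}(?:\|\d+){3}")   # shape of the code in the note
CONTACTS = ("krakinrf@yandex.ua", "@vicedark")        # contacts quoted in the note


def triage(root, users_dir=None):
    """Read-only walk of root that collects the indicators named in the article."""
    report = {"locked": [], "notes": [], "codes": set(), "hack_profile": False}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower().endswith(EXT):
                report["locked"].append(path)
            elif NOTE_RE.match(name):
                try:
                    # The Russian half may not be UTF-8; ASCII markers still match.
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536)
                except OSError:
                    continue
                if any(c in text for c in CONTACTS):   # skip ordinary README files
                    report["notes"].append(path)
                    report["codes"].update(CODE_RE.findall(text))
    if users_dir:
        # Assumption: the 'Hack' account has a profile folder under users_dir.
        report["hack_profile"] = os.path.isdir(os.path.join(users_dir, "Hack"))
    return report


def demo():
    """Build a constructed sample tree in a temp dir and triage it."""
    note = ("To decrypt the files you should send the following code:\n"
            "C99694747CD5001F657F|346|2|2\n"
            "to e-mail address krakinrf@yandex.ua/Telegram @vicedark\n")
    with tempfile.TemporaryDirectory() as tmp:
        data, users = os.path.join(tmp, "data"), os.path.join(tmp, "Users")
        os.makedirs(os.path.join(data, "docs"))
        os.makedirs(os.path.join(users, "Hack"))
        for rel, body in (("docs/budget.xlsx.crDypted000007", "x"),
                          ("docs/README.txt", "Project build notes\n"),
                          ("README1.txt", note)):
            with open(os.path.join(data, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return triage(data, users_dir=users)
```

Collecting the distinct codes across hosts lets responders group machines by the value each note displays; the page does not say what the individual fields of the code mean.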
