
CreamPie Ransomware

By GoldSparrow in Ransomware

PC security researchers first reported the CreamPie Ransomware, an encryption ransomware Trojan, in the last week of August 2018. The version of the CreamPie Ransomware being analyzed seems unfinished: in its current form it does not deliver a ransom note, although it does include a contact email in its attack. Threats like the CreamPie Ransomware function by taking over the victims' computers and holding their files hostage, then demanding a ransom payment from the victim as a condition to revert the damage done.

The CreamPie that will Have a Bitter Taste

The CreamPie Ransomware uses a strong encryption algorithm to make the victim's files inaccessible. It targets many file types in its attack, especially user-generated files, which would be impossible to restore if there are no backup copies. The targeted files are encrypted using AES encryption and then marked with a new file extension that includes the string 'CreamPie' and an email contact address. Samples of the file types that the CreamPie Ransomware targets in its attack include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
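
For triage, the renaming described above can be searched for directly. The following Python script is an added example, not code from the original report: it flags file names whose extension carries the string 'CreamPie', recovers the original extension and extracts any email address in the appended part. The exact layout of the new extension, the email pattern and the sample file names are assumptions, since the report does not give them.

```python
import os
import re
import sys
from collections import Counter

MARKER = re.compile(r"creampie", re.IGNORECASE)        # string named in the report
EMAIL = re.compile(r"[\w.%+-]+@[\w-]+(?:\.[\w-]+)+")    # generic heuristic (assumption)
# Subset of the targeted extensions listed in the report.
TARGETED = {".jpg", ".png", ".sql", ".docx", ".xlsx", ".pdf", ".txt", ".zip"}
# Constructed sample names; the real suffix layout is not documented in the report.
SAMPLES = ["invoice.xlsx.[contact@example.com].CreamPie",
           "photo.jpg.CreamPie_[contact@example.com]",
           "CreamPie recipe.docx", "my.CreamPie.notes.txt", "notes.txt"]

def classify(name):
    """Return details for a file name carrying the marker in its extension, else None."""
    m = MARKER.search(name)
    if not m or "." not in name[:m.start()]:
        return None                       # marker absent, or only in the base name
    if os.path.splitext(name)[1].lower() in TARGETED:
        return None                       # still ends in a normal extension
    head = name[:m.start()].split("@")[0]  # ignore dots inside an email domain
    found = [t for t in re.finditer(r"\.[a-z0-9]+", head.lower())
             if t.group() in TARGETED]
    orig = found[-1] if found else None
    mail = EMAIL.search(name, orig.end() if orig else 0)
    return {"original_ext": orig.group() if orig else None,
            "contact": mail.group() if mail else None}

def scan(root):
    """Walk root and return (hits, per-directory counts) for marked files."""
    hits, per_dir = [], Counter()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            info = classify(name)
            if info:
                hits.append((os.path.join(folder, name), info))
                per_dir[folder] += 1
    return hits, per_dir

if __name__ == "__main__":
    if len(sys.argv) > 1:                 # scan a real directory tree
        hits, per_dir = scan(sys.argv[1])
        for path, info in hits:
            print(path, info)
        for folder, count in per_dir.most_common():
            print(f"{count:6d}  {folder}")
    else:                                 # no argument: classify the constructed samples
        for name in SAMPLES:
            print(name, "->", classify(name))
```

The per-directory counts show how far the encryption reached, which helps decide which backup sets need to be restored.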

How the CreamPie Ransomware Attacks a Computer

The CreamPie Ransomware is delivered to victims through malware delivery methods that have been widely used by other threats. The most common way in which victims receive threats like the CreamPie Ransomware is through spam email messages. These messages will often include corrupted file attachments that take the form of Microsoft Office files with malicious embedded scripts that download and install the CreamPie Ransomware onto the victim's computer. Once the CreamPie Ransomware has been installed, it will work in the background to encrypt the victim's files and make them inaccessible. The CreamPie Ransomware does not seem to deliver any ransom note, although some versions of the CreamPie Ransomware can be seen to open a command line window with the title 'CreamPie v.1.01.'

Protecting Your Data from Threats Like the CreamPie Ransomware

The best protection from threats like the CreamPie Ransomware is to have file backups. The storage location should be chosen carefully; otherwise, the backup copies may be ineffective. Secure file backups ensure that computer users can restore their files easily without having to risk contacting the criminals responsible for these attacks and paying large amounts of money to recover their files. Apart from file backups, computer users should install a proven security program, which can prevent the CreamPie Ransomware from being installed in the first place and help computer users keep their data safe (although it will not be able to restore the files encrypted by the CreamPie Ransomware attack).
