Creeper Ransomware

The Creeper Ransomware is an encryption Trojan that is used to extort computer users. The Creeper Ransomware was first observed on March 1, 2018. The Creeper Ransomware encrypts the victim's files using a strong encryption algorithm and then demands payment of a ransom in Monero, a cryptocurrency similar to BitCoin. These threats lock access to the victim's data, preventing the victims from accessing their files until they pay a ransom amount.

The Creeper that will Attack Your Files

The favored way in which threats like the Creeper Ransomware are delivered is through the use of corrupted email attachments. These email attachments will use content that makes it appear as if the email is coming from a genuine source, such as a social media platform or shopping website. Once the Creeper Ransomware is installed, it will scan the victim's computer in search for files that are generated by the user, such as images, music, videos, text files, eBooks, spreadsheets, databases, and numerous other common file types. The following are file extensions that are typically targeted in attacks like the Creeper Ransomware:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip

The Creeper Ransomware will mark the files encrypted by the attack by adding the file extension '.creeper' to the affected file's name.

The Creeper Ransomware’s Ransom Demands

The Creeper Ransomware will deliver a ransom note named 'DECRIPT_MY_FILES.txt' [sic], which is dropped on the infected computer's desktop as soon as the Creeper Ransomware finishes the files' encryption. The Creeper Ransomware demands that the victims contact the people responsible for the Creeper Ransomware attack by sending an email to the email address 'skgrhk2018@tutanota.com.' The Creeper Ransomware's ransom note contains the following message:

'Decrypting your files is easy. Take a deep breath and follow the steps below.
1 ) Make the proper payment.
Payments are made in Monero. This is a crypto-currency, like bitcoin.
You can buy Monero, and send it, from the same places you can any other
crypto-currency. If you're still unsure, google 'monero exchange.'
Sign up at one of these exchange sites and send the payment to the address below.
Payment Address (Monero Wallet):
46WDbj1YCQrCfAGW37AJi3Ljr86waWBP1GwoRCeAGcR49xtNvRWpVyXQsqWDxW4qaQ5SxnDB4VnJZRhNaYHuvkAdVaeLeMM
2 ) Farther you should send the following code: *** to email address skgrhk2018@tutanota.com.
Then you will receive all necessary key.
Prices :
Days : Monero : Offer Expires
0-2 : 3 : [date]
3-5 : 5 : [date]
Note: In 6 days your password decryption key gets permanently deleted.
You then have no way to ever retrieve your files. So pay now.'

The Creeper Ransomware's ransom is demanded in Monero and is of 800 USD in this currency. PC security researchers warn, however, that when victims contact the cybercrooks, these people will raise the amount to 1200 USD, with no guarantee that they will not continue to raise the rate instead of helping victims of the attack recover their files after an infection.

Protecting Your Data from the Creeper Ransomware

The best protection against threats like the Creeper Ransomware is to have file backups, in places where the threat can't reach. A combination of file backups and a strong security suite can help computer users ensure that their data is safe from threats like the Creeper Ransomware.