CRM Ransomware
Cybersecurity experts have caught a new variant of the VoidCrypt Ransomware family in the wild. The threat is named CRM Ransomware and is capable of causing significant damage to the devices it manages to infect. Being ransomware, CRM is designed to go after certain file types and encrypt them with an uncrackable cryptographic algorithm. Victims will find that they can no longer access their documents, archives, databases, photos and more.
All affected files have their names modified according to the pattern 'original name.[email address of the hackers].[victim's ID].new file extension'. The email address used by the threat is poytemol@gmail.com, while the new extension is '.crm'. The customary ransom note with instructions for the victims is dropped on the desktops of the compromised systems as a text file named 'Read_this.txt'.
Ransom Note's Details
The message left by CRM Ransomware contains the typical instructions found in other VoidCrypt Ransomware variants. It tells victims to locate a file named 'prvkey.txt.key' in the C:\ProgramData\ folder. That file, together with one encrypted file smaller than 1MB, is to be sent to the cybercriminals at the provided email addresses: 'poytemol@gmail.com' and 'peloment@tutanota.com'. The note doesn't contain many details about the ransom payment, but it does clarify that the funds must be transferred in Bitcoin.
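For responders, the artifacts described above (the rename pattern, the 'Read_this.txt' note and the 'prvkey.txt.key' file) can be picked out of a file listing as follows. This is an added example, not part of the original write-up; it assumes the square brackets in the pattern may or may not be literal and that the victim ID contains no dots, and the function names and sample paths are constructed.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the article text.
KNOWN_EMAILS = {"poytemol@gmail.com", "peloment@tutanota.com"}
FIXED_NAMES = {"read_this.txt": "ransom_note", "prvkey.txt.key": "key_file"}
# Assumptions: the square brackets may or may not be literal in real file
# names, and the victim ID contains no dots, brackets or whitespace.
RENAMED = re.compile(
    r"^(?P<orig>.+)\.\[?(?P<email>[^\[\]\s@]+@[^\[\]\s@]+?)\]?"
    r"\.\[?(?P<vid>[^.\[\]\s]+)\]?\.crm$", re.IGNORECASE)

def classify(path):
    """Return (kind, details) for one Windows path, or None if unrelated."""
    name = PureWindowsPath(path).name
    if name.lower() in FIXED_NAMES:
        return FIXED_NAMES[name.lower()], {}
    m = RENAMED.match(name)
    if m is None:
        return None  # e.g. a legitimate "contacts.crm" carries no e-mail/ID
    email = m["email"].lower()
    return "encrypted", {"original": m["orig"], "email": email,
                         "victim_id": m["vid"], "known_email": email in KNOWN_EMAILS}

def triage(paths):
    """Summarise a file listing: what was hit and what must be preserved."""
    out = {"encrypted": 0, "victim_ids": set(), "notes": [], "preserve": []}
    for p in paths:
        kind, info = classify(p) or (None, {})
        if kind == "encrypted":
            out["encrypted"] += 1
            out["victim_ids"].add(info["victim_id"])
        elif kind == "ransom_note":
            out["notes"].append(p)
        elif kind == "key_file":  # the note warns its loss means permanent data loss
            out["preserve"].append(p)
    return out

# Constructed sample listing (not real victim data).
SAMPLE = [
    r"C:\Users\alice\Desktop\Read_this.txt",
    r"C:\ProgramData\prvkey.txt.key",
    r"C:\Users\alice\Documents\report.docx.[poytemol@gmail.com].[A1B2C3].crm",
    r"D:\share\photo.jpg.poytemol@gmail.com.A1B2C3.crm",
    r"C:\Apps\contacts.crm",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Paths returned under "preserve" should be copied off the host before any reimaging, since the note ties 'prvkey.txt.key' to recovery.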
The full text of the note is:
'All Your Files Has Been Encrypted
You Have to Pay to Get Your Files Back
Go to C:\ProgramData\ or in Your other Drives and send us prvkey.txt.key file
ou can send some file little than 1mb for Decryption test to trust us But the test File should not contain valuable data
Payment should be with Bitcoin
Changing Windows without saving prvkey.txt.key file will cause permanete Data loss
Our Email:poytemol@gmail.com
in Case of no Answer:peloment@tutanota.co'