Cry128 Ransomware Description
The Cry128 Ransomware is a ransomware Trojan that is a variant of Crypton, a ransomware family that includes the recently released Cry9 Ransomware variant. The Cry128 Ransomware and its variants are being delivered by attaching corrupted macro-enabled files to spam email messages. These files exploit a vulnerability in Windows that allows con artists to download and execute threats onto the victim's computer. The Cry128 Ransomware seems to be targeted towards English speakers and will encrypt the victim's files to demand the payment of a ransom.
The Cry128 Ransomware Attack
Like most ransomware Trojans, the Cry128 Ransomware is designed to infiltrate a computer and take the victim's files hostage, encrypting them using a strong encryption algorithm. Among the many file types that the Cry128 Ransomware will encrypt, the following are included:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, ,doc, .epub, .docx .fb2, .flv, .gif, .gz, .iso .ibooks,.jpeg, .jpg, .key, .mdb .md2, .mdf, .mht, .mobi .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
The Cry128 Ransomware uses a combination of AES and RSA encryption to make the victim's files inaccessible, working in the background after the victim opens the corrupted macro-enabled file. Apart from encrypting the victim's files, the Cry128 Ransomware will delete the System Restore Points and the Shadow Volume Copies, both of which can be used to recover lost data or undo unwanted changes made to a computer. The Cry128 Ransomware will encrypt the files and change their names by adding the following extensions to the end of each encrypted file:
The Cry128 Ransomware will display a pop-up message containing a ransom message. This ransom note is contained in a text file named 'DECRYPT MY FILE.txt' and contains the following text:
'*** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED ***
To decrypt your files you need to buy the special software. To recover data, follow the instructions!
You can find out the details/ask questions in the chat:
xxxxs://gebdp3k7bolalnd4.onion.to (not need Tor)
xxxxs://gebdp3k7bolalnd4.onion.cab (not need Tor)
xxxxs://gebdp3k7bolalnd4.onion.nu (not need Tor)
You ID: ***
If the resource is not available for a long time, install and use the Tor-browser:
1. Run your Internet-browser
2. Enter or copy the address https://www.torproject.org/download/download-easy.html in the address bar of your browser and press key ENTER
3. On the site will be offered to download the Tor-browser, download and install it. Run.
4. Connect with the button "Connect" (if you use the English version)
5. After connection, the usual Tor-browser window will open
6. Enter or copy the address xxxx://gebdp3k7bolalnd4.onion in the address bar of Tor-browser and press key ENTER
7. Wait for the site to load
If you have any problems installing or using, please visit the video tutorial h[tt]ps://www.youtube.com/watch?v=gOgh3ABju6Q'
Dealing with the Cry128 Ransomware
The Cry128 Ransomware demands 0.15 BitCoin (approximately $250 USD at the current exchange rate) to decrypt the victim's files. Computer users should refrain from paying this ransom. There is no guarantee that the con artists will deliver on their promise and, even if they do, paying these ransoms will allow them to create and develop threats like the Cry128 Ransomware, reinfect the victim's computer or claim more victims eventually. The best protection against threats like the Cry128 Ransomware is to have backup copies of all files on an external memory device. This allows victims of the Cry128 Ransomware infection to quickly recover their files from the backup, undermining any power the con artists have over the victim completely.
Infected with Cry128 Ransomware? Scan Your PCDownload SpyHunter's Spyware Scanner
to Detect Cry128 Ransomware * SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.
Security Doesn't Let You Download SpyHunter or Access the Internet?
Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.