Cry9 Ransomware

Cry9 Ransomware Description

The Cry9 Ransomware is a ransomware Trojan that appears to be a variant of a known ransomware Trojan named Crypton. This version was released as anti-virus programs started to recognize the previous iteration, and it adds obfuscation measures to prevent detection. Malware researchers suspect that the Cry9 Ransomware is distributed through corrupted email attachments that use text files with compromised macros to install threats on the victim's computer. The Cry9 Ransomware infects computers running the Windows operating system and seems designed to target Portuguese speakers, judging by the geographical location of most infections and the language used in its ransom note.

The Cry9 Ransomware – Another Ransomware Attacking Brazilian Users

The Cry9 Ransomware uses an attack method that is typical of most encryption Trojans. It was first observed in April 2017, compromising various computers located in Brazil. The Cry9 Ransomware uses a combination of AES-256 and RSA encryption to take over a computer and encrypt its victims' files. It scans the victim's computer for files to encrypt and targets the following file types:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

Unlike many other ransomware Trojans that use similar attacks, the Cry9 Ransomware does not change the infected files' names, making it difficult to tell exactly which files have been compromised. The Cry9 Ransomware avoids files in the Windows directory and other directories that contain files essential for Windows to function properly. As a result, Windows continues to function, but computer users cannot access their data, which allows the Cry9 Ransomware to deliver its ransom note. The ransom note is contained in a text file dropped on the infected computer's desktop. This file is named 'Arquivos criptografados.txt,' Portuguese for 'Encrypted files.txt,' and contains the following message (originally in Portuguese):

'!!! YOUR FILES WERE ENCRYPTED !!!
Your personal identification: [RANDOM CHARACTERS]
To receive the decoder you must pay for the program.
Buy 0.5 BTC on these sites:
Xxxxs: //localbitcoins.com
Xxxxs: //www.coinbase.com
Xxxx: //xapo.com/
BITCOIN ADDRESS TO PAY:
[RANDOM CHARACTERS]
Send 0.5 btc for decoding
After paying:
1. Send a screenshot or payment photo to the address: juccy@protonmail.ch
2. If you want to remain anonymous or if you are not receiving a response, try using the bit message IM client (bitmessage.ch) and use this address to contact me:
BM-[RANDOM CHARACTERS]@bitmessage.ch. This method will work 100%.
3. In the email you must include your personal identification [RANDOM CHARACTERS].
You will then receive the decoder and instructions.'

Dealing with a Cry9 Ransomware Infection

The Cry9 Ransomware demands a ransom of 0.5 BitCoin (approximately $550 USD), a very large amount for computer users in Brazil. PC security experts advise computer users to protect their files by keeping backup copies on an external memory device. A fully up-to-date security program can intercept the Cry9 Ransomware infection and remove the Cry9 Ransomware if it has been installed on a computer. However, because of the encryption method the Cry9 Ransomware uses, the affected files are not recoverable without the decryption key.
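
Because the Cry9 Ransomware leaves file names and extensions unchanged, affected files have to be identified by content before restoring from backup. The following is an added example, not part of the original article: it compares each file's leading bytes with the signature its extension implies and uses header entropy to separate likely encrypted files from merely mislabelled ones. The signature table, the 7.0 bits-per-byte threshold and the function names are assumptions of this example, and it assumes the encryption overwrites the start of each file.

```python
import math
import os
from collections import Counter

# Well-known leading signatures for some extensions in the article's list.
MAGIC = {
    ".pdf": [b"%PDF"], ".png": [b"\x89PNG\r\n\x1a\n"], ".psd": [b"8BPS"],
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"], ".rar": [b"Rar!\x1a\x07"],
    ".7z": [b"7z\xbc\xaf\x27\x1c"], ".zip": [b"PK\x03\x04", b"PK\x05\x06"],
    ".docx": [b"PK\x03\x04"], ".xlsx": [b"PK\x03\x04"], ".pptx": [b"PK\x03\x04"],
}
ENTROPY_THRESHOLD = 7.0  # bits per byte; assumed cut-off for "looks encrypted"

def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, head: bytes) -> str:
    """Return 'ok', 'unchecked', 'empty', 'header-mismatch' or 'suspect-encrypted'."""
    sigs = MAGIC.get(os.path.splitext(name)[1].lower())
    if sigs is None:
        return "unchecked"      # e.g. .txt or .csv: no fixed signature to test
    if not head:
        return "empty"
    if any(head.startswith(s) for s in sigs):
        return "ok"
    # Wrong header: near-random bytes suggest encryption, low entropy a mislabelled file.
    if shannon_entropy(head) > ENTROPY_THRESHOLD:
        return "suspect-encrypted"
    return "header-mismatch"

def triage(root: str, sample: int = 4096) -> dict:
    """Walk root and return {path: verdict} for files that need a closer look."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue        # unreadable file: skip rather than abort the scan
            verdict = classify(name, head)
            if verdict in ("header-mismatch", "suspect-encrypted"):
                findings[path] = verdict
    return findings
```

Files shorter than a few hundred bytes cannot reach the entropy threshold and are reported as `header-mismatch` instead; plain-text types from the list have no signature and need comparison against backups or known hashes.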
