
CryBrazil Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 5
First Seen: June 7, 2018
Last Seen: June 21, 2018
OS(es) Affected: Windows

The CryBrazil Ransomware is an encryption ransomware Trojan based on HiddenTear, an open-source ransomware project that has spawned countless ransomware variants in use today. HiddenTear was initially released for educational purposes. However, criminals found it very easy to adapt HiddenTear for their own purposes, and today its code accounts for the vast majority of ransomware Trojan attacks. Currently, it may be possible for computer users to recover their files after a CryBrazil Ransomware attack, but this is not always the case. Because of this, taking precautionary measures is essential to limiting the damage a CryBrazil Ransomware infection can cause.

How the CryBrazil Ransomware Attack Works

Threats like the CryBrazil Ransomware work by taking the victim's files hostage: they encrypt them with a strong encryption algorithm to make them inaccessible and then demand a ransom payment in exchange for the decryption tool needed to restore the affected files. The CryBrazil Ransomware scans the victim's drives for user-generated files, which span many file types, including media files and numerous document formats. The file types commonly compromised in attacks like the CryBrazil Ransomware include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.

The CryBrazil Ransomware renames the files it enciphers by appending the extension '.crybrazil' to each affected file's name. Once the files are encrypted, the CryBrazil Ransomware delivers its ransom note through several means. It changes the affected PC's desktop wallpaper to a JPG file named 'ranso4.jpg', which shows the CryBrazil Ransomware ransom note written in Portuguese alongside a picture of a clown. The note simply states that the victim should contact the criminals by email (losalphagroup@protonmail.com) to receive information about recovering the affected files. The CryBrazil Ransomware also drops its ransom note as an HTML file named 'SUA_CHAVE.html', which contains the same text as the desktop image.

Dealing with a CryBrazil Ransomware Attack

The criminals responsible for the CryBrazil Ransomware attack often do not even have the capacity to restore the files encrypted by the attack, which appears to be the case with the CryBrazil Ransomware. Regardless of whether they can help or not, computer users should refrain from contacting the criminals responsible for attacks like the CryBrazil Ransomware or following the instructions in the ransom notes. Instead, they should take precautions against these threats so that their files can be restored after an attack without any communication with the criminals. The best protection is to keep file backups. Apart from backups, PC security researchers advise computer users to keep a strong, fully up-to-date security application installed on their computers. This can intercept attacks like the CryBrazil Ransomware before they are installed on a PC and detect these threats early enough that the victim's files are not compromised.


File System Details

CryBrazil Ransomware may create the following file(s):
#   File Name   MD5                               Detections
1.  file.exe    10597e7c2e644d9bd346844f08328c0b  0

Registry Details

CryBrazil Ransomware may create the following registry entry or registry entries:
Regexp file mask
%Homedrive%\user\ranso4.jpg
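As an added detection example (not code from this write-up or from any product it mentions), the Python scan below walks a directory tree for the three indicators described above: files renamed with the '.crybrazil' extension, the dropped 'SUA_CHAVE.html' and 'ranso4.jpg' notes, and an executable whose MD5 matches the hash in the File System Details table. The sample tree it scans is constructed in a temporary directory, and the verdict thresholds are an assumption of this example.

```python
import hashlib
import os
import tempfile

ENCRYPTED_EXT = ".crybrazil"  # the indicators below come from the write-up above
RANSOM_NOTE_NAMES = {"SUA_CHAVE.html", "ranso4.jpg"}
KNOWN_MD5 = {"10597e7c2e644d9bd346844f08328c0b"}  # file.exe, File System Details table

def md5_of(path):
    """Hash in chunks so large files need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_tree(root):
    """Walk root and collect the three indicators the write-up lists."""
    found = {"encrypted": [], "notes": [], "known_hashes": []}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                found["encrypted"].append(path)
            if name in RANSOM_NOTE_NAMES:
                found["notes"].append(path)
            if name.lower().endswith(".exe") and md5_of(path) in KNOWN_MD5:
                found["known_hashes"].append(path)
    return found

def verdict(found):
    """Renamed files plus a dropped note is a strong signal; any one alone is weak (assumed thresholds)."""
    if found["encrypted"] and found["notes"]:
        return "likely CryBrazil infection"
    if any(found.values()):
        return "partial indicators, investigate"
    return "clean"

def run_demo():
    """Build a constructed sample tree (no real malware involved) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Documents"))
        for rel in ("Documents/report.docx.crybrazil", "Documents/photo.jpg.crybrazil",
                    "Documents/notes.txt", "SUA_CHAVE.html"):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(b"constructed content")
        found = scan_tree(root)
        return {"encrypted": len(found["encrypted"]), "notes": len(found["notes"]),
                "known_hashes": len(found["known_hashes"]), "verdict": verdict(found)}
```

Point scan_tree at a user profile or a mounted disk image to triage a suspected host; the hash check only fires on the one sample hash listed here, so treat the rename pattern and note names as the primary signal.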
