CryCipher Ransomware

By GoldSparrow in Ransomware

The CryCipher Ransomware is an encryption ransomware Trojan that appeared in February 2019. The CryCipher Ransomware carries out a typical encryption ransomware Trojan attack, taking victims' files hostage to extort them and then demanding a ransom payment. The CryCipher Ransomware, like most encryption ransomware Trojans, is delivered by corrupted spam email attachments. However, the CryCipher Ransomware also uses a less common distribution method and may be delivered to the victims as a supposed program designed to hack PayPal and generate revenue. This is a way for criminals to take advantage of inexperienced computer users trying to make easy money, a common way for malware to spread.

How the CryCipher Ransomware Carries Out Its Attack

Once the CryCipher Ransomware has been installed on the victim's computer, regardless of the method used to deliver it, it will begin to take over the victim's data immediately. To do this, the CryCipher Ransomware will scan the victim's computer for user-generated files, which may include those with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The CryCipher Ransomware will then use a strong encryption algorithm to make the victim's files inaccessible, encrypting them and adding the file extension '.locked' to each file's name. The CryCipher Ransomware delivers its ransom demand in a text file named 'Readme_now.txt' that is dropped on the infected computer once the victim's files have been encrypted. This ransom note instructs the victim to pay a ransom by contacting the criminals at the email address pay.ransom@protonmail.com. Contacting the criminals responsible for the CryCipher Ransomware attack should be avoided at all costs.
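The two file-system indicators described above (the '.locked' extension and the 'Readme_now.txt' note) can be checked during triage with a script like the following. It is an added example, not code from the original article; it assumes '.locked' is appended after the original extension, uses only a subset of the listed extensions, and runs against a constructed sample directory tree.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "readme_now.txt"   # ransom note name from the article (compared case-insensitively)
LOCKED_SUFFIX = ".locked"      # extension the article says is added to encrypted files
# Subset of the targeted extensions listed in the article; extend as needed.
TARGETED = {".jpg", ".png", ".docx", ".xlsx", ".pdf", ".sql", ".txt", ".zip"}

def triage(root):
    """Collect ransom notes, .locked files with a targeted inner extension, and other .locked files."""
    result = {"notes": [], "locked": [], "other_locked": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                result["notes"].append(path)
            elif lower.endswith(LOCKED_SUFFIX):
                # Assumption: '.locked' is appended after the original extension.
                inner = Path(lower[: -len(LOCKED_SUFFIX)]).suffix
                key = "locked" if inner in TARGETED else "other_locked"
                result[key].append(path)
    return result

def verdict(result):
    """A '.locked' name alone is not specific to this threat, so 'likely' needs both indicators."""
    if result["notes"] and result["locked"]:
        return "likely"
    if result["notes"] or result["locked"] or result["other_locked"]:
        return "review"
    return "clean"

def build_sample_tree(root):
    """Create a constructed directory tree of empty files for demonstration."""
    names = ["docs/report.docx.locked", "docs/budget.xlsx.locked", "docs/notes.md",
             "pics/cat.jpg", "pics/dog.PNG.locked", "tools/app.locked", "Readme_now.txt"]
    for rel in names:
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = triage(tmp)
        print(verdict(found), {k: len(v) for k, v in found.items()})
```

The paths in `locked` also give a list of files to restore from backup once the threat has been removed.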

Protecting Your Data from Threats Like the CryCipher Ransomware

The best way to ensure that your data is safe from the CryCipher Ransomware, as with most encryption ransomware Trojans, is to have the means to restore it after the encryption. This is why backup copies of all files and the use of safe storage services are crucial for recovering from an infection such as the one carried out by the CryCipher Ransomware. Apart from backup copies, a security program that is fully up-to-date can remove the CryCipher Ransomware and even prevent this threat from being installed in the first place. It is also necessary to be wary of online tactics, such as fake hacking programs and bogus software downloads, that may be used to trick computer users into downloading and installing threats like the CryCipher Ransomware, which can cause numerous problems on infected computers.