Cryp70n1c Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1
First Seen: January 27, 2022
Last Seen: January 27, 2022
OS(es) Affected: Windows

PC security researchers noticed the Cryp70n1c Ransomware on November 23, 2017. The Cryp70n1c Ransomware seems to be part of a Ransomware as a Service (RaaS) attack, which is part of a larger wave of ransomware Trojans. The Cryp70n1c Ransomware Trojan itself is apparently not particularly sophisticated, and it is being spread using typical threat delivery methods, such as corrupted spam email attachments and compromised websites that use exploit kits to deliver the Cryp70n1c Ransomware to the computers of their visitors.

How the Cryp70n1c Ransomware Attacks a Computer

The Cryp70n1c Ransomware is a variant of HiddenTear, an open source ransomware platform that has accounted for countless variants since it was first released in 2015. HiddenTear is freely available on the Dark Web, making it easy for cybercrooks to use its code and adapt it to their own attacks. HiddenTear variants like the Cryp70n1c Ransomware are capable of carrying out effective attacks on their victims. The Cryp70n1c Ransomware has been observed under the name 'CRYPTONIC HACKING TOOLS' and uses a combination of AES and RSA encryption to make victims' files inaccessible, targeting user-generated files, which may include photos, music, and a variety of other commonly used file types.

The Cryp70n1c Ransomware's Ransom Notes

The Cryp70n1c Ransomware has been associated with several ransom notes. The Cryp70n1c Ransomware will mark the affected files with the file extension '.cryp70n1c' and, after encrypting the victim's files, drop a text file named 'READ_IT.txt' on the victim's computer. This text file contains the following message:

'This computer has been hacked,
our personal files have been encrypted. Send us 0,05 Bitcoin to get the decryption passcode. After that, you'll be able to get your files back again. Failure to do so within 3 days will result in all your files being deleted & lost forever - visit www[.]luno[.]com to buy Bitcoin and once you have purchased 0.05 please send them to the following Bitcoin Address 1KDQcgujZKjMgZkYSbM77pLeGSDq8walRM thank you and have a great day. If you need to contact us for any reason, please e-mail us ransom@deliveryman.com'
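
The indicators given in this section (the '.cryp70n1c' extension, the 'READ_IT.txt' file name, and the payment and contact addresses in the note) are enough for a first triage pass over a suspect directory tree. The following Python script is an added example, not code from the original article; the sample paths and file contents it scans are constructed, and a note is counted as confirmed only when its text contains one of the quoted addresses.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the description and ransom note quoted on this page.
ENCRYPTED_EXT = ".cryp70n1c"
NOTE_NAME = "read_it.txt"  # compared case-insensitively
NOTE_MARKERS = (b"1KDQcgujZKjMgZkYSbM77pLeGSDq8walRM", b"ransom@deliveryman.com")
# Constructed sample tree (hypothetical paths and contents), not from a real host.
SAMPLES = {
    "Desktop/READ_IT.txt": "Send us 0,05 Bitcoin ... e-mail us ransom@deliveryman.com",
    "Pictures/a.jpg.cryp70n1c": "constructed placeholder bytes",
    "Documents/report.docx.cryp70n1c": "constructed placeholder bytes",
    "Other/READ_IT.txt": "release notes for an unrelated program",
}

def note_matches(path, max_bytes=65536):
    """True if the file contains one of the strings quoted in the ransom note."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(max_bytes)
    except OSError:
        return False  # unreadable, so it cannot be confirmed
    return any(marker in head for marker in NOTE_MARKERS)

def scan(root):
    """Walk root; collect marked files, confirmed notes and unconfirmed notes."""
    report = {"encrypted": [], "notes": [], "unconfirmed_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(full)
            elif name.lower() == NOTE_NAME:
                key = "notes" if note_matches(full) else "unconfirmed_notes"
                report[key].append(full)
    return {key: sorted(paths) for key, paths in report.items()}

def demo():
    """Write SAMPLES to a temp directory, scan it, return root-relative paths."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLES.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return {key: [Path(p).relative_to(root).as_posix() for p in paths]
                for key, paths in scan(root).items()}

if __name__ == "__main__":
    print(demo())
```

Calling `scan()` on a user profile or a mounted disk image lists the files that need restoring from backup; entries under `unconfirmed_notes` share the note's file name but not its text.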

The Cryp70n1c Ransomware has been linked to a couple of other messages, including one where computer users are urged to join the 'Cryp70n1c Army.' The following two messages have been linked to the people responsible for the Cryp70n1c Ransomware attack:

'We are the Cryptonic Army
All data files have been locked and in 3 days they will be deleted unless you pay us
Please find the text file on your desktop for instructions

CRYP70N1C ARMY
JOIN US AND TAKE CONTROL BACK
Join us today and help deface the government and all corrupt businesses. Firstly visit Proton-mail and open a Anonymous e-mail address then proceed to step two
ACCOUNT SIGNUP
Once your anonymous e-mail is registered proceed to sign up, make sure to choose a strong password and username that doesn't tie you to anything. Our server doesn't log your IP address so no need to access this site via VPN.
DOWNLOAD THE HACKING “STARTER PACK“
Once you have successfully logged in find the footer section called “MORE” this is DDOS and MYSQL Injection software we built for you, we will be training you to use it via our learning center.
LAUNCH DATES & COMMUNICATION
You shall find the following sections once logged in, Launch Dates will be set 2 weeks prior to attack and attack targets will we given 15 minutes prior to live attack. All communication will be done via our live chatroom.
Cryp70n1c: Leader
AMAZING
It is a long established fact that majority always wins, power is essential and clearly our government has the upper hand. We are a core group of three experienced hackers which were responsible for the Julius Malema hack, several database dumps as well as defacing 3 government websites. But we need recruitment's who are willing to join in on the hacks as we need more computational power.
SEE YOU ON THE DARKSIDE'

***

Computer users shouldn't communicate with the people responsible for the Cryp70n1c Ransomware. Instead, it is recommended that computer users have file backups to ensure that their data is safe from these attacks.
