CRYpt0r V2.0 Ransomware

The CRYpt0r V2.0 Ransomware threat is created specifically to lock the files on the computers it manages to infect. The malware employs a strong encryption algorithm to ensure that the victims will not be able to easily restore the affected files by themselves. By targeting a sufficiently large number of filetypes, the potential damage that CRYpt0r V2.0 can cause is massive. 

It appears that the main targets of the threat are users located in Spanish-speaking countries. The basis for this conclusion is the fact that the ransom-demanding messages delivered by CRYpt0r V2.0 are written in Spanish entirely, without translation into other languages. 

As part of its encryption process, the malware appends '.cry' to the original names of the locked files as a new extension. Afterward, the threat will change the default desktop wallpaper and create a text file named 'LEER IMPORTANTE.txt.'

Demands Overview

As we said, both messaged are in Spanish. The desktop image appears to contain some general information and instructs victims to open the text file to get the main ransom note mostly. According to the information provided in the file, the attackers are not financially motivated apparently. They state that as long as the victims follow the listed instructions - mainly to send an email to 'zixmorte@gmail.com' asking for the unlocker tool, the hackers will send the necessary decryption software for free. However, not complying with the note, will supposedly result in the encrypted files remaining locked, the data on the compromised machines being collected, besides important files getting deleted permanently.

The original message in the CRYpt0r V2.0 note is:

'Su Computador ha sido infectado por un virus el cual encripta al computador.

=============================================

No podra abrir archivos, modificarlos, ver escritorio, abrir carpetas, abrir programas, ETC.

=============================================

Le dire la forma mas rapida de recuperar el acceso al computador.

=============================================

Simplemente, mande un correo a zixmorte@gmail.com pidiendo el desbloqueador.

=============================================

Poco tiempo despues, se le enviara el programa de desencriptacion, el cual tendra que abrir.

=============================================

Espere a que el proceso termine, y listo. tendra acceso a sus archivos importantes nuevamente

=============================================

SI NO SIGUE LAS INSTRUCCIONES:

=============================================

Sus datos, claves, direcciones, archivos y mas, seran encriptados y robados

=============================================

sus archivos importantes seran eliminados y su informacion en general la perdera.

=============================================

Lo que le recomiendo es que envie el correo, reciba su programa y acceda de forma gratuita y facil.'

The desktop image contains the following text:

'¡SUS ARCHIVOS IMPORTANTES HAN SIDO ENCRIPTADOS!

¿Que Ha Pasado?

Muchos de sus archivos han sido bloqueados y encriptados, de forma tal que usted no tendra forma de usarlos, verlos o modificarlos.

¿Puedo tener mis archivos de vuelta?

La unica forma de tener sus archivos de vuelta es con nuestro complejo sistema de desencriptacion.

Sin esto, sus archivos, fotos, documentos y mas seran robados y eliminados.

Abra el archivo llamado LEER IMPORTANTE.txt para mas informacion.'