Crypt12 Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 6
First Seen: August 16, 2017
Last Seen: October 1, 2020
OS(es) Affected: Windows

The Crypt12 Ransomware is an encryption ransomware Trojan. Threats of this kind take over the victim's computer, encrypt the victim's files and then demand a ransom payment in exchange for the decryption key needed to recover them. If a Crypt12 Ransomware attack has compromised your files, you are advised to use a fully updated anti-malware product. Unfortunately, as with most encryption ransomware, the files encrypted by the Crypt12 Ransomware are not recoverable. For this reason, security researchers advise computer users to keep file backups on an external memory device or in the cloud, which allows a quick recovery of files compromised by a Crypt12 Ransomware attack.

How the Crypt12 Ransomware Infects a Computer

PC security researchers first received reports of the Crypt12 Ransomware on August 15, 2017. The Crypt12 Ransomware may be delivered to victims through corrupted Microsoft Office documents attached to spam email messages. These documents include macro scripts that download and install the Crypt12 Ransomware on the infected computer. The Crypt12 Ransomware seems to mainly target computers associated with businesses and Web servers. Because of this, rather than sending random spam messages, the con artists associated with the Crypt12 Ransomware send phishing email messages designed to trick computer users in a particular business into believing that the email comes from a department or individual in the company, using spoofed email accounts and other techniques. The first step in preventing Crypt12 Ransomware infections is therefore learning how to recognize and deal with spam email messages. Apart from email, the Crypt12 Ransomware may also be distributed by taking advantage of weak security on affected computers, particularly by compromising Remote Desktop Protocol accounts. It is crucial to ensure that these access points are protected with strong passwords and that adequate security measures are present on any corporate network and Web server.

The Attack Carried out by the Crypt12 Ransomware

The Crypt12 Ransomware was created on the Microsoft .NET platform, allowing it to carry out attacks on the latest versions of the Windows operating system effectively. When the Crypt12 Ransomware infects a computer, the people controlling it can access a hidden window named 'crypt12 start panel' that allows the attacker to encrypt specific memory devices and storage on the victim's computer. The Crypt12 Ransomware avoids encrypting the files that Windows requires to function and targets databases and user-generated files, so that the victim is still able to make a ransom payment to restore the affected files (if the entire computer were encrypted, the con artists would have no way of contacting the victim or demanding a ransom payment). The files encrypted by the Crypt12 Ransomware attack are identified by the file extension '.[ID]=[EMAIL].crypt12', which is added to the end of each affected file's name. The con artists use the email address 'mortalis_certamen@aol.com' to contact the victim. After encrypting the victim's computer, the Crypt12 Ransomware changes the victim's desktop image and delivers the following ransom message:

'Your files Have Been Crypted email to:'
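The '.[ID]=[EMAIL].crypt12' marker described above can be used to scope an incident. The following triage script is an added example, not code from the original page or from any vendor tool; it assumes the square brackets may or may not appear literally in file names and that the ID contains no dots, and the ID value in the sample names is constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Marker appended to encrypted files, per the article: '.[ID]=[EMAIL].crypt12'.
# Assumptions: brackets may or may not be literal; the ID contains no dots.
CRYPT12_SUFFIX = re.compile(
    r"\.\[?(?P<id>[^\[\]=./\\]+)\]?="
    r"\[?(?P<email>[^\[\]\s/\\]+@[^\[\]\s/\\]+?)\]?\.crypt12$",
    re.IGNORECASE,
)


def parse_crypt12_name(filename):
    """Return (original_name, victim_id, contact_email), or None if no marker."""
    m = CRYPT12_SUFFIX.search(filename)
    if not m:
        return None
    return filename[: m.start()], m.group("id"), m.group("email").lower()


def scan_tree(root):
    """Walk root; list marked files and count them per (ID, contact) pair."""
    hits, by_contact = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_crypt12_name(name)
            if parsed:
                hits.append((os.path.join(dirpath, name),) + parsed)
                by_contact[(parsed[1], parsed[2])] += 1
    return hits, by_contact


if __name__ == "__main__":
    # Constructed sample tree; the ID 'A1B2C3' is made up for illustration.
    samples = [
        "invoice.docx.[A1B2C3]=[mortalis_certamen@aol.com].crypt12",
        "sales.mdf.A1B2C3=mortalis_certamen@aol.com.crypt12",
        "notes.txt",
    ]
    with tempfile.TemporaryDirectory() as root:
        for s in samples:
            open(os.path.join(root, s), "w").close()
        hits, by_contact = scan_tree(root)
        for path, original, vid, email in hits:
            print(f"{original!r} is encrypted (id={vid}, contact={email})")
        for (vid, email), n in by_contact.items():
            print(f"{n} file(s) tagged id={vid} contact={email}")
```

The recovered original names give a list of what needs to be restored from backup, and the per-ID counts show which shares or hosts were reached.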

Dealing with a Crypt12 Ransomware Infection

The files encrypted by the Crypt12 Ransomware attack are not recoverable without the decryption key; the encryption method used in the Crypt12 Ransomware attack is quite strong. The Crypt12 Ransomware also deletes the Shadow Volume copies of the affected files, preventing computer users from restoring their files using this or other alternate methods. The best recovery method is to have file backups or backup disk images. With these preventive measures in place, computer users can restore the affected files after deleting the Crypt12 Ransomware infection or wiping the affected drives clean. A reliable backup method, combined with reliable security software and strong security, is the best way to limit the damage caused by the Crypt12 Ransomware.
