Crypt888 Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 6,635 |
| Threat Level: | 50 % (Medium) |
| Infected Computers: | 827 |
| First Seen: | March 27, 2022 |
| Last Seen: | September 19, 2023 |
| OS(es) Affected: | Windows |
The Crypt888 Ransomware is an encryption ransomware Trojan. These threats are designed to take the victims' files hostage. To do this, the Crypt888 Ransomware and similar threats are designed to encrypt the victims' files using a strong encryption algorithm and to then demand a large ransom payment in exchange for the decryption key they will need to regain access to the affected files. The Crypt888 Ransomware is just one of the countless encryption ransomware Trojans that are active and carrying out effective attacks on their victims currently. Unfortunately, the Crypt888 Ransomware uses an encryption method that is quite strong, and it may be impossible to restore files encrypted by the Crypt888 Ransomware without the decryption key currently. Furthermore, the Crypt888 Ransomware demands a large ransom, inflated in part due to the rising price of Bitcoin, the currency that is used to make these payments anonymously.
Table of Contents
The Crypt888 Ransomware also is Known as the Aviso Ransomware
The Crypt888 Ransomware, also detected as the Aviso Ransomware, was released on November 30, 2017. The Crypt888 Ransomware is an updated versions of Avido, which encrypts the victim's files instead of placing them in a password protected archive file. The Crypt888 Ransomware uses a strong encryption method, a combination of the AES and RSA encryptions, to make the victim's files inaccessible. The Crypt888 Ransomware will identify the files affected by its attack by adding the file extension '.lock' to the affected file's name. The Crypt888 Ransomware will encrypt a variety of file types, including media files such as audio and video, images, and a wide variety of document types. The file types that are typically encrypted by these threat infections include:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The Crypt888 Ransomware’s Delivery Method and Ransom Demand
In most cases, the Crypt888 Ransomware infections occur as a result of the victim opening a spam email attachment. These corrupted attachments may take the form of Microsoft Word documents with compromised macro scripts that download and install the Crypt888 Ransomware onto the victim's computer. The Crypt888 Ransomware will display a ransom note on the victim's computer after encrypting the victim's files. This ransom note is delivered by changing the infected computer's desktop image into a black screen with an image of a skull and a hacker. The changed image will contain a ransom message that demands the payment of 0.8 Bitcoin, nearly 8000 USD at the current exchange rate. Victims are asked to contact the cybercrooks at the email address 'maya_157_ransom@hotmail.com' for 'customer support.' However, you shouldn't contact these cybercrooks. The use of public email platforms like Hotmail for one of these attacks implies that the people responsible for the Crypt888 Ransomware attack may not be the most sophisticated since these email addresses can be shut down easily when they are associated with threats.
Dealing with the Crypt888 Ransomware
Unfortunately, the Crypt888 Ransomware's encryption method is solid, and the files encrypted by the Crypt888 Ransomware attack are not recoverable with current technology. Because of this, having file backups is extremely important since it allows computer users to restore their files from the backup device after an attack.
