
CRYPTBD Ransomware

The CRYPTBD Ransomware is a file-locking Trojan that comes from the MedusaLocker Ransomware family. The CRYPTBD Ransomware blocks the user's files as part of an extortion scheme and uses additional attacks, such as deleting backups, to improve its leverage over the victim. Windows users should have backups on other devices, maintain standard security precautions, and use robust PC security products for removing the CRYPTBD Ransomware.

Finding More Fangs on Greek Monsters

The Greek myth-themed MedusaLocker Ransomware isn't done with Windows users yet, with new campaigns appearing as 2021 proceeds. The CRYPTBD Ransomware is a recently confirmed sample that is out in the wild, although its infection vector is still unknown. For most Windows users, a backup should provide sufficient protection, although the CRYPTBD Ransomware also carries with it the threat of collecting and leaking confidential information.

The CRYPTBD Ransomware can block most media formats on Windows PCs using an encryption routine that combines the AES and RSA algorithms, and it also appends a fake extension ('example.jpg.CRYPTBD') to the names of the locked files. The CRYPTBD Ransomware also deletes the Shadow Volume Copies and other backups and disables some security features, such as boot-up warnings. These characteristics are typical of most file-locking Trojans, including MedusaLocker Ransomware variants such as the Deadfiles Ransomware, the Deathfiles Ransomware, the Perfection Ransomware or the Decrypme Ransomware.
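The two behaviours described above, the appended '.CRYPTBD' marker and the removal of Shadow Volume Copies, are the traits a responder can check for quickly. The following triage helper is an added example, not code from the advisory or from the Trojan's authors; it runs on constructed sample data, and the shadow-copy deletion command patterns are an assumption, since the advisory names no specific tool.

```python
import re
from pathlib import PureWindowsPath

MARKER_EXT = ".CRYPTBD"  # extension the advisory says is appended to locked files

# Command-line patterns associated with Shadow Volume Copy removal (assumption:
# the advisory only states that copies are deleted, not which tool is used).
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
]

def locked_files(paths):
    """Return {original_extension: count} for files carrying the CRYPTBD marker."""
    hits = {}
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.suffix.upper() != MARKER_EXT:
            continue
        # 'example.jpg.CRYPTBD' -> stem 'example.jpg' -> original suffix '.jpg'
        original = PureWindowsPath(wp.stem).suffix.lower() or "(none)"
        hits[original] = hits.get(original, 0) + 1
    return hits

def shadow_copy_deletions(cmdlines):
    """Return the process command lines matching a shadow-copy deletion pattern."""
    return [c for c in cmdlines if any(p.search(c) for p in SHADOW_DELETE_PATTERNS)]

def triage(paths, cmdlines):
    """Summarise both indicators so either one alone flags the host as suspicious."""
    locked = locked_files(paths)
    deletions = shadow_copy_deletions(cmdlines)
    return {
        "locked_total": sum(locked.values()),
        "locked_by_ext": locked,
        "shadow_deletions": deletions,
        "suspicious": sum(locked.values()) > 0 or bool(deletions),
    }

# Constructed sample data, not real telemetry.
SAMPLE_PATHS = [
    r"C:\Users\alice\Pictures\example.jpg.CRYPTBD",
    r"C:\Users\alice\Documents\budget.xlsx.CRYPTBD",
    r"C:\Users\alice\Documents\notes.txt",
]
SAMPLE_CMDLINES = [
    r'"C:\Windows\System32\svchost.exe" -k netsvcs',
    r"vssadmin.exe Delete Shadows /All /Quiet",
    r"wbadmin DELETE CATALOG -quiet",
]
if __name__ == "__main__":
    print(triage(SAMPLE_PATHS, SAMPLE_CMDLINES))
```

In practice the path list would come from a file-system walk and the command lines from process-creation logs, so a single hit on the deletion patterns is worth investigating even before any renamed files appear.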

Ransom notes delivered as HTML or Web pages are another trait of this family, which the CRYPTBD Ransomware continues in its current campaign. The notes provide few particulars besides instructions for contacting the attackers for their ransom-based recovery help. A significant security issue is that the CRYPTBD Ransomware, like many recent file-locker Trojans, also asserts that the attackers possess confidential information that they collected from the target beforehand.

However, malware experts point out that the CRYPTBD Ransomware lacks built-in features for data exfiltration. Any data theft would rely on a previously established backdoor or other tools, such as Remote Access Trojans.

The Antivenom for Serpentine Software

All Windows users should be protected against CRYPTBD Ransomware attacks by saving backups onto other devices, which the Trojan can't encrypt or delete. For admins whose servers are the most likely targets, malware experts also recommend some additional protective steps:

  • Using strong, unique passwords to defeat brute-force tools
  • Disabling or restricting access to RDP
  • Vetting all e-mail attachments (including documents and spreadsheets) for their safety before opening them or enabling any embedded content
  • Installing security patches, especially for server software, as soon as possible

Although business entities with more financial weight are the typical targets of file-locker Trojans, users at home may find their files just as locked as any corporate server's contents. Home users also should avoid illicit downloads, piracy-related websites and other stereotypical sources of Trojans.

File-locking Trojans depend on launching their attacks before users or security tools detect them. Most security products with Trojan-detecting features should block and remove the CRYPTBD Ransomware before it can harm any local media, and they remain the preferred means of disinfection.

Attacks by the CRYPTBD Ransomware aren't very different from those of other MedusaLocker Ransomware spawn, but a poison that still works needs no upgrading. The more users back their files up, the fewer new versions of this Trojan family will hatch.
