Threat Database Ransomware Crypter-2016 Ransomware

Crypter-2016 Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1,231
First Seen: November 29, 2016
Last Seen: June 4, 2023
OS(es) Affected: Windows

The Crypter-2016 Ransomware is a ransomware Trojan used to take money from inexperienced computer users. The Crypter-2016 Ransomware pretends to be an encryption ransomware Trojan that encrypts victims' files. However, the Crypter-2016 Ransomware does not encrypt the victims' files, merely giving the impression that it does it by mimicking common ransomware Trojans active in the wild today. It is likely that the Crypter-2016 Ransomware is being distributed using spam email attachments. The Crypter-2016 Ransomware, very similar to an older ransomware Trojan known as the 'Anatel Ransomware,' and is designed to target computer users in Brazil and other Portuguese-speaking countries.

The Crypter-2016 Ransomware Infection

Despite its claims, the Crypter-2016 Ransomware does not encrypt its victims' files. Rather, the Crypter-2016 Ransomware renames the files using the pattern 'wwww-hash-part-[9-digit number].crypter.' Because of the unfamiliar extension, Windows will fail to recognize the file. Inexperienced computer users may believe that the Crypter-2016 Ransomware has encrypted their data, especially since ransomware Trojans that encrypt the victims' data have become too prevalent in the last couple of years. The Crypter-2016 Ransomware is also known as Renlocker and may be detected as such by common anti-virus programs.

The Crypter-2016 Ransomware’s Ransom Note

The Crypter-2016 Ransomware generates its ransom note after it has finished renaming the victims' files. The Crypter-2016 Ransomware displays a ransom note that is presented on a blue screen with black text. This screen contains payment instructions and asks that victims pay 1 BitCoin (approximately $730 USD at the current exchange rate). This is an extraordinarily high amount if one considers that the average monthly paycheck in Brazil is substantially less than what the Crypter-2016 Ransomware demands as its ransom.

The full text of the Crypter-2016 Ransomware's ransom note is displayed below:

'ATENÇÃO: Seu computador esta bloqueado!
Seus arquivos importantes foram modificados, portanto impossibilitados de de serem usados no momento. Suas fotos, documentos pessoais e trabalhos foram salvos e estão em um HD online podendo ser analizados e vendidos caso não tenha interesse em recupera-los.
Caso desconsidere, ou de alguma forma equivocada impeça o funcionamento deste aplicativo e tente de alguma forma salvar seus arquivos, fotos, musicas, senhas e gravações dentre outros e não consiga, considero o fim da negociação pelo resgate de seus arquivos, suas informações pessoais serão vendidos a quem pagar mais e os arquivos serão permanentemente perdidos. O Desbloqueio só é possível via Bitcoins Os arquivos serão restaurados se for pago seu resgate via Bitcoins. Abaixo segue os links como proceder Passo a passo de como criar uma carteira:
Como comprar Bitcoins: [random characters]
Valor do resgate de seu computador apenas em valor unitário de: 1 Bitcoins'
Carteira para depósito: 13s8W3D5ssWR24Q2wwnftVK7dsbNTez2ym

The following is the English translation of the above ransom note:

'ATTENTION: Your computer is locked!
Your important files have been modified so they can not be used at the moment. Your photos, personal documents, and works have been saved and are in an HD online and can be deleted if you have no interest in retrieving them.
If you ignore the message or prevent the application from running, you will lose the ability to restore your files, photos, music, passwords and recordings among others. Failure to pay will be considered as denial to recover data, and your Personal information will be sold to those who pay more and the files will be permanently lost. Unlocking is only possible via Bitcoins Files will be restored if their ransom is paid via Bitcoins. Here is how to proceed Step by step how to create a portfolio: [site that helps users manage Bitcoins]
Or buy Bitcoins: [random characters]
Redemption value of your computer is: 1 Bitcoins'

Do not Pay the Crypter-2016 Ransomware Ransom

While computer users may pay the ransom for ransomware Trojans to recover their data occasionally, the Crypter-2016 Ransomware does not encrypt files for real. Because of this, there is even less of a reason why computer users would need to make the ransom payment. The files 'encrypted' by the Crypter-2016 Ransomware can be recovered easily by restoring their original names and using the appropriate application to open the renamed file.

SpyHunter Detects & Remove Crypter-2016 Ransomware

File System Details

Crypter-2016 Ransomware may create the following file(s):
# File Name MD5 Detections
1. 2C23.tmp.exe 5fffb067ac25b1c16dde4d9cb77cc28e 103

Trending

Most Viewed

Loading...