Crypter-2016 Ransomware
Threat Scorecard
Threat Level: | 80 % (High) |
Infected Computers: | 1,231 |
First Seen: | November 29, 2016 |
Last Seen: | June 4, 2023 |
OS(es) Affected: | Windows |
The Crypter-2016 Ransomware is a ransomware Trojan used to take money from inexperienced computer users. The Crypter-2016 Ransomware pretends to be an encryption ransomware Trojan that encrypts victims' files. However, it does not encrypt the victims' files; it merely gives the impression that it does by mimicking common ransomware Trojans active in the wild today. It is likely that the Crypter-2016 Ransomware is being distributed using spam email attachments. The Crypter-2016 Ransomware is very similar to an older ransomware Trojan known as the 'Anatel Ransomware' and is designed to target computer users in Brazil and other Portuguese-speaking countries.
The Crypter-2016 Ransomware Infection
Despite its claims, the Crypter-2016 Ransomware does not encrypt its victims' files. Rather, it renames the files using the pattern 'wwww-hash-part-[9-digit number].crypter'. Because of the unfamiliar extension, Windows will fail to recognize the file type. Inexperienced computer users may believe that the Crypter-2016 Ransomware has encrypted their data, especially since ransomware Trojans that do encrypt victims' data have become so prevalent in the last couple of years. The Crypter-2016 Ransomware is also known as Renlocker and may be detected as such by common anti-virus programs.
The Crypter-2016 Ransomware’s Ransom Note
The Crypter-2016 Ransomware generates its ransom note after it has finished renaming the victims' files. The note is presented on a blue screen with black text. This screen contains payment instructions and asks that victims pay 1 BitCoin (approximately $730 USD at the current exchange rate). This is an extraordinarily high amount, considering that the average monthly paycheck in Brazil is substantially less than what the Crypter-2016 Ransomware demands as its ransom.
The full text of the Crypter-2016 Ransomware's ransom note is displayed below:
'ATENÇÃO: Seu computador esta bloqueado!
Seus arquivos importantes foram modificados, portanto impossibilitados de de serem usados no momento. Suas fotos, documentos pessoais e trabalhos foram salvos e estão em um HD online podendo ser analizados e vendidos caso não tenha interesse em recupera-los.
Caso desconsidere, ou de alguma forma equivocada impeça o funcionamento deste aplicativo e tente de alguma forma salvar seus arquivos, fotos, musicas, senhas e gravações dentre outros e não consiga, considero o fim da negociação pelo resgate de seus arquivos, suas informações pessoais serão vendidos a quem pagar mais e os arquivos serão permanentemente perdidos. O Desbloqueio só é possível via Bitcoins Os arquivos serão restaurados se for pago seu resgate via Bitcoins. Abaixo segue os links como proceder Passo a passo de como criar uma carteira:
Como comprar Bitcoins: [random characters]
Valor do resgate de seu computador apenas em valor unitário de: 1 Bitcoins'
Carteira para depósito: 13s8W3D5ssWR24Q2wwnftVK7dsbNTez2ym
The following is the English translation of the above ransom note:
'ATTENTION: Your computer is locked!
Your important files have been modified so they can not be used at the moment. Your photos, personal documents, and works have been saved and are in an HD online and can be deleted if you have no interest in retrieving them.
If you ignore the message or prevent the application from running, you will lose the ability to restore your files, photos, music, passwords and recordings among others. Failure to pay will be considered as denial to recover data, and your Personal information will be sold to those who pay more and the files will be permanently lost. Unlocking is only possible via Bitcoins Files will be restored if their ransom is paid via Bitcoins. Here is how to proceed Step by step how to create a portfolio: [site that helps users manage Bitcoins]
Or buy Bitcoins: [random characters]
Redemption value of your computer is: 1 Bitcoins'
Do Not Pay the Crypter-2016 Ransomware Ransom
While computer users may occasionally pay the ransom demanded by ransomware Trojans to recover their data, the Crypter-2016 Ransomware does not actually encrypt files. Because of this, there is even less reason for computer users to make the ransom payment. The files 'encrypted' by the Crypter-2016 Ransomware can be recovered easily by restoring their original names and using the appropriate application to open the renamed file.
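The following check is an added example, not part of the original write-up or of any vendor tool: it finds files matching the rename pattern described above and proposes an extension from each file's leading bytes, which works only because the contents are left untouched. The signature table and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Rename pattern as given on this page: wwww-hash-part-[9-digit number].crypter
RENAMED = re.compile(r"^wwww-hash-part-\d{9}\.crypter$")

# Small illustrative table of well-known file signatures (not exhaustive).
SIGNATURES = [
    (b"%PDF-", ".pdf"),
    (b"\x89PNG\r\n\x1a\n", ".png"),
    (b"\xff\xd8\xff", ".jpg"),
    (b"PK\x03\x04", ".zip"),  # also the container for .docx/.xlsx/.pptx
]

def guess_extension(path):
    """Return the extension implied by the file's leading bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, ext in SIGNATURES:
        if head.startswith(magic):
            return ext
    return None

def plan_restore(root):
    """Dry run: map each renamed file name to a proposed name (None = unknown type)."""
    plan = {}
    for path in sorted(Path(root).rglob("*.crypter")):
        if not RENAMED.match(path.name):
            continue  # not this threat's naming scheme, leave it alone
        ext = guess_extension(path)
        plan[path.name] = path.with_suffix(ext).name if ext else None
    return plan

def demo():
    """Build constructed sample files in a temp directory and plan their recovery."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "wwww-hash-part-123456789.crypter").write_bytes(b"%PDF-1.4\n% constructed")
        (d / "wwww-hash-part-987654321.crypter").write_bytes(b"\x89PNG\r\n\x1a\n" + bytes(8))
        (d / "wwww-hash-part-000000001.crypter").write_bytes(b"text, no signature")
        (d / "notes.crypter").write_bytes(b"%PDF-1.4")  # name does not match the pattern
        return plan_restore(d)

if __name__ == "__main__":
    for old, new in demo().items():
        print(old, "->", new or "unknown type, inspect manually")
```

The function only proposes names and renames nothing, so it can be run against a copy of the affected folder before any file is touched.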
File System Details
# | File Name | MD5 | Detections |
---|---|---|---|
1. | 2C23.tmp.exe | 5fffb067ac25b1c16dde4d9cb77cc28e | 103 |