CryptoDark Ransomware
The CryptoDark Ransomware has all the trappings of an encryption ransomware Trojan, the kind that encrypts the victims' data and then demands the payment of a ransom to decrypt the victim's files. However, the CryptoDark Ransomware rather is a screen locker Trojan, which tricks computer users into believing that their files have been encrypted to convince them to pay a ransom of $300 USD (in BitCoins) to 'restore' the affected files… despite not encrypting the victim's files! The CryptoDark Ransomware may be delivered using corrupted email attachments contained in spam email campaigns or disguised as bogus receipts and invoices. The best way to prevent a CryptoDark Ransomware attack is to be aware of these tactics when handling spam emails, and avoid opening any unsolicited email messages received in this way. A reliable and updated security program also may be used to intercept these threats before they can cause irreparable damage to the victim's data (or in this case, annoy the victim with a bogus message claiming that the data above has been compromised).
Table of Contents
How the CryptoDark Ransomware Attack Works
Lying and tricking inexperienced computer users is a basic part of the CryptoDark Ransomware attack. The CryptoDark Ransomware relies on tricking computer users into believing that their data has been completely compromised. The CryptoDark Ransomware claims to encrypt the victims' data, but the CryptoDark Ransomware does not have the capacity to encrypt files. This is a resource that PC security researchers have observed numerous times before, with variants increasing since early 2017 substantially (probably taking advantage of the increased awareness of encryption ransomware Trojans and the various high-profile ransomware attacks that have taken place in 2017).
During its attack, the CryptoDark Ransomware will display a lock screen, which prevents victims from accessing their desktops. The CryptoDark Ransomware will block access to the Windows Task Manager, Keyboard shortcuts, and other methods that could be used to bypass an annoying window. In the CryptoDark Ransomware lock screen, the CryptoDark Ransomware displays the following message:
'Your files have been encrypted!
All of your pictures, images and documents have been encrypted by CryptoDark.
To get them back, you will need to open the CryptoDark Decryptor and pay $300 worth of Bitcoin to the address shown in the decryptor.
If your anti-virus detected the decryptor, remove it from the quarantine or download a new one from:
xxxx://www.vhyifaiuevwni[.]tk/CDD'
However, the content of the above message is a complete lie. To continue with the illusion, the CryptoDark Ransomware will change the file names in the Windows libraries, making this an extremely annoying attack. The CryptoDark Ransomware uses a base64 encryption to change the files' names into gibberish. However, this will not change the contents of the affected files; it will merely make them appear to be encrypted. After doing this, the CryptoDark Ransomware will download an executable file named 'Cryptodark Decryptor.exe' onto the victim's Desktop, which displays the following text in a program window:
'Your files have been encrypted!
To recover your files, you will need to send $300 worth of Bitcoin to this address:
WW91IGhhdmUganVzdCB3YXN0ZWQgeW91ciB0aW1lLg==
If you do not know how to get Bitcoin then click on the Local Bitcoins button
Once you have payed, you will be given a key.
Click the Decrypt button and enter the key. If it is correct, your filess will be decrypted.
If you are sure you have typed the key correctly and you are still unable to decrypt your files, come back tomorrow and it should work.'
Dealing with the CryptoDark Ransomware
One curious aspect of the CryptoDark Ransomware is that the supposed BitCoin Wallet address displayed by the CryptoDark Ransomware is simply a Base64 encryption for the phrase 'You have just wasted your time.' This means that the CryptoDark Ransomware is a trollware, merely designed to harass computer users, but with no lucrative or destructive purpose. Use a reliable security program to detect and remove the CryptoDark Ransomware.
SpyHunter Detects & Remove CryptoDark Ransomware
File System Details
# | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|---|
1. | file.exe | 69db9bae938d8ba7dbad17f6a289cae4 | 0 |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.