CryptoJacky Ransomware

By GoldSparrow in Ransomware

The CryptoJacky Ransomware is a ransomware Trojan that was first uncovered on March 6th, 2017. The CryptoJacky Ransomware does not seem to belong to a family of threats; instead, it was created as an independent threat. The CryptoJacky Ransomware is being distributed through corrupted email attachments using text files that try to execute corrupted code on the infected computer through the use of macros. Because of this, to prevent attacks like the CryptoJacky Ransomware you should handle email attachments with caution and avoid activating macros (especially when dealing with unknown documents). The CryptoJacky Ransomware is mainly targeting Spanish-speakers in its current iteration, although it is not unlikely that the CryptoJacky Ransomware attacks will manage to reach computer users located in non-Spanish-speaking areas.

Some Folders will be Avoided by the CryptoJacky Ransomware

The CryptoJacky Ransomware attack uses a customized, open source encryption engine that applies AES encryption to the victims' files. The CryptoJacky Ransomware does this to take the victims' files hostage and then demand the payment of a ransom to decipher the affected content. The CryptoJacky Ransomware will encrypt numerous file types, including media files, images, documents of various types, databases, and similar types of content. Once the CryptoJacky Ransomware infects a computer, it scans all drives connected to the infected computer and begins encrypting the victims' files. Once a file has been encrypted by the CryptoJacky Ransomware, it becomes unreadable. The CryptoJacky Ransomware will avoid encrypting the files contained in the following folders:

AppData
Program Files
ProgramData
System Volume
Windows

The CryptoJacky Ransomware delivers its ransom note in the form of a pop-up message containing the message 'Ransom_ph! has detected immoral activity online and has retained your files.' Victims are asked to open a file named 'ransom instructions' that is dropped on the infected computer's Desktop. This file contains the following text:

'To purchase the password, click on the "ransom-payment" icon. Once open the link select above the box "list" and then in the column on the left the option with which you will pay, on the right, select bitcoins. Click "Find the best rate". Go to one of the sites that will appear on the right and buy EUR 250 bitcoins then send to the following address (right click and paste where you want): [RANDOM CHARACTERS]
Once the payment has been made let me know by sending me an email to the following address: ransom_ph@mail2noble.com
If so, the password will be sent to you.
Click on "ransom of files" and enter it.'

Dealing with the CryptoJacky Ransomware Infection

Unfortunately, when files have been encrypted by threats like the CryptoJacky Ransomware, they cannot be recovered directly. Instead, computer users will need to recover their files from a backup. This means that the best precaution against attacks like the CryptoJacky Ransomware (including most other ransomware Trojans) is to have backups of all files on the cloud or external memory devices. System administrators and those handling other high-profile targets may have backup images and storage on the cloud to help them recover from an attack. The CryptoJacky Ransomware itself can be removed easily with the help of a reliable security program that is up to date. The main difficulty, rather, is to make the files fully recoverable from the backup. Ensure that all files are backed up and that a reliable security application is used to monitor all content that comes in contact with a computer or network. Apart from this, learning how to handle email attachments and browse the Web safely can help prevent these attacks and other issues. Ransomware Trojans like the CryptoJacky Ransomware have become increasingly popular, especially because of the irreversible nature of the attack. Because of this, taking precautions is in the best interest of both individual computer users and system administrators.
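A backup-coverage audit built on the folder list given earlier, as an added example that is not part of the original article: it reports every file outside the skipped folders that has no identical copy in the backup. The function names, the name-matching rule and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Folders the article lists as skipped by CryptoJacky; all other paths are in scope.
SKIPPED = ("appdata", "program files", "programdata", "system volume", "windows")

def in_scope(rel_path):
    """Assumed rule: a directory equal to a skipped name, or that name plus ' ...', is out of scope."""
    dirs = rel_path.replace("\\", "/").lower().split("/")[:-1]
    return not any(d == s or d.startswith(s + " ") for d in dirs for s in SKIPPED)

def sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit(source_root, backup_root):
    """Map each in-scope file lacking an identical backup copy to 'missing' or 'differs'."""
    gaps = {}
    for dirpath, _dirs, files in os.walk(source_root):
        for name in files:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, source_root)
            if not in_scope(rel):
                continue  # the ransomware leaves these alone, so skip them here too
            dst = os.path.join(backup_root, rel)
            if not os.path.isfile(dst):
                gaps[rel.replace(os.sep, "/")] = "missing"
            elif sha256(src) != sha256(dst):
                gaps[rel.replace(os.sep, "/")] = "differs"
    return gaps

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed sample: two user files and one system file; backup has one stale copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = os.path.join(tmp, "src"), os.path.join(tmp, "bak")
        write(src, "Users/ana/Documents/informe.docx", b"v2")
        write(src, "Users/ana/Pictures/foto.jpg", b"img")
        write(src, "Windows/System32/drivers.bin", b"sys")
        write(bak, "Users/ana/Documents/informe.docx", b"v1")
        return audit(src, bak)
```

Run before an incident, a "differs" entry means the backup copy is stale; run afterwards against an offline backup, it marks the files to restore.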
