CryptoNar Ransomware Description
The CryptoNar Ransomware is an encryption ransomware Trojan that was first observed in the final week of August 2018. It is distributed to victims mainly through corrupted spam email attachments. The emails are often disguised as messages from legitimate sources and carry a Microsoft Office or PDF file attachment. The CryptoNar Ransomware is downloaded and installed on the targeted computer when the victim runs the macros embedded in the attachment. Once installed, it carries out its attack, taking the victim's files hostage and then demanding a ransom payment to return access to the affected files.
Symptoms of a CryptoNar Ransomware Infection
The CryptoNar Ransomware uses AES-256 encryption to make the victim's files inaccessible. It encrypts a wide variety of file types in its attack, including files with the following extensions:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The CryptoNar Ransomware marks the files it encrypts with the file extension '.fully.cryptoNar' or '.partially.CryptoNar', which makes it clear which files have been compromised by the attack.
The CryptoNar Ransomware Ransom Demand
After the CryptoNar Ransomware encrypts the victim's files, it delivers a ransom note in the form of a text file named 'CRYPTONAR RECOVERY INFORMATION.txt', which is dropped on the infected computer's desktop or in other locations on the affected PC. The text of the CryptoNar Ransomware ransom note reads:
'Your important files including photos, videos, documents, databases, etc. were encrypted with our the CryptoNar Ransomware. The only way to get your files back is to pay us. otherwise, your files will be lost forever.
Important note: Removing cryptoNar will not restore access to your encrypted files.
Encryption was made using a unique RSA-2048 public key generated for this computer. To decrypt files, you need to acquire the private key (decryption key).
The only copy of the private key, which will allow you to decrypt your files, is located on a secret server in the Internet; the server will eliminate the key after 72 hours since its generation (since the moment your computer was infected). once this has been done, nobody will ever be able to restore your files.
In order to receive your decryption key, you will have to pay $200 in bitcoins to this bitcoin address: 1FeutvrveiF8odnnx9Rr3cyBfFiecFeKwRq
when time comes to send the bitcoins to us, make sure to include your e-mail and your personal ID (you can see it below) in the extra information box (it may apper also as 'Extra Note or 'optional message') in order to get your personal decryption key. It may take up to 6-8 hours to take your personal decryption key.
After the payment was made, and you received your decryption key, just press the decryption button in the decryptor (located on the desktop). Enter your decryption key you received, and wait until the decryption process is done.
Your ID: [random characters]'
The criminals' goal is to profit by creating these threats and demanding a ransom from the victim. However, there is no point in following the CryptoNar Ransomware's instructions or paying the ransom, since the chances of getting the lost data back are almost none.
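A triage check built from the indicators described above, added here as an example and not taken from any vendor tool: it walks a directory tree and flags files ending in the two marker extensions, plus the ransom note by name. The function names and the sample file names are constructed for illustration, and case-insensitive matching is an assumption made because the two extensions are spelled with different casing.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the description above; compared in lower case
# (assumption) because the two marker extensions differ in casing.
ENCRYPTED_SUFFIXES = (".fully.cryptonar", ".partially.cryptonar")
RANSOM_NOTE = "cryptonar recovery information.txt"


def classify(filename):
    """Return 'note', 'fully', 'partially' or None for one file name."""
    name = filename.lower()
    if name == RANSOM_NOTE:
        return "note"
    for suffix in ENCRYPTED_SUFFIXES:
        if name.endswith(suffix):
            return suffix.split(".")[1]  # 'fully' or 'partially'
    return None


def scan(root):
    """Walk root and return (hits, per-directory hit counts)."""
    hits, per_dir = [], Counter()
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            kind = classify(fname)
            if kind:
                hits.append((kind, os.path.join(dirpath, fname)))
                per_dir[dirpath] += 1
    return hits, per_dir


def demo():
    """Scan a constructed sample tree of empty files (no real samples)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for fname in ("report.docx.fully.cryptoNar", "video.mp4.partially.CryptoNar",
                      "notes.txt", "CRYPTONAR RECOVERY INFORMATION.txt"):
            open(os.path.join(docs, fname), "w").close()
        hits, per_dir = scan(root)
        return sorted(kind for kind, _ in hits), per_dir[docs]


if __name__ == "__main__":
    print(demo())
```

The per-directory counts show where encryption reached, which helps decide which folders to restore from backup.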