CryptoNar Ransomware

CryptoNar Ransomware Description

The CryptoNar Ransomware is an encryption ransomware Trojan that was first observed in the final week of August 2018. The CryptoNar Ransomware is distributed to victims mainly through corrupted spam email attachments. These emails are often disguised as messages from legitimate sources and contain a Microsoft Office or PDF file attachment. The CryptoNar Ransomware is downloaded and installed on the targeted computer when the victim runs the macros embedded in the attachment. Once the CryptoNar Ransomware is installed, it carries out its attack, taking the victim's files hostage and then demanding a ransom payment to return access to the affected files.

Symptoms of a CryptoNar Ransomware Infection

The CryptoNar Ransomware uses AES-256 encryption to make the victim's files inaccessible. The CryptoNar Ransomware encrypts a wide variety of file types in its attack, including files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The CryptoNar Ransomware marks the files encrypted by its attack with the file extensions '.fully.cryptoNar' or '.partially.CryptoNar', which make it clear which files have been compromised by the CryptoNar Ransomware attack.

The CryptoNar Ransomware Ransom Demand

After the CryptoNar Ransomware encrypts the victim's files, it delivers a ransom note in the form of a text file named 'CRYPTONAR RECOVERY INFORMATION.txt', which is dropped on the infected computer's desktop or in other locations on the affected PC. The text of the CryptoNar Ransomware ransom note reads:

'Your important files including photos, videos, documents, databases, etc. were encrypted with our the CryptoNar Ransomware. The only way to get your files back is to pay us. otherwise, your files will be lost forever.
Important note: Removing cryptoNar will not restore access to your encrypted files.
Encryption was made using a unique RSA-2048 public key generated for this computer. To decrypt files, you need to acquire the private key (decryption key).
The only copy of the private key, which will allow you to decrypt your files, is located on a secret server in the Internet; the server will eliminate the key after 72 hours since its generation (since the moment your computer was infected). once this has been done, nobody will ever be able to restore your files.
In order to receive your decryption key, you will have to pay $200 in bitcoins to this bitcoin address: 1FeutvrveiF8odnnx9Rr3cyBfFiecFeKwRq
when time comes to send the bitcoins to us, make sure to include your e-mail and your personal ID (you can see it below) in the extra information box (it may apper also as 'Extra Note or 'optional message') in order to get your personal decryption key. It may take up to 6-8 hours to take your personal decryption key.
After the payment was made, and you received your decryption key, just press the decryption button in the decryptor (located on the desktop). Enter your decryption key you received, and wait until the decryption process is done.
Your ID: [random characters]'

The criminals' goal is to profit by creating these threats and demanding a ransom from the victim. However, there is no point in following the CryptoNar Ransomware's instructions or paying this malware's ransom, since the chances of getting back the lost data are almost none.
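
The two file markers and the ransom note name described above are enough to scope an infection on a file share or a mounted disk image before restoring from backup. The following Python sketch is an added example, not code from this page or from any vendor tool; it assumes the marker is appended to the original file name, and the sample tree it builds is constructed (empty files only).

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the description above; compared case-insensitively
# because the two markers are written with different capitalisation.
MARKERS = {".fully.cryptonar": "fully", ".partially.cryptonar": "partially"}
NOTE_NAME = "cryptonar recovery information.txt"


def classify(filename):
    """Return (kind, original_name) for a marked file, ('note', None) for the
    ransom note, or None when the name matches no indicator."""
    lower = filename.lower()
    if lower == NOTE_NAME:
        return ("note", None)
    for suffix, kind in MARKERS.items():
        # Assumption: the marker is appended to the original file name.
        if lower.endswith(suffix) and len(lower) > len(suffix):
            return (kind, filename[: -len(suffix)])
    return None


def triage(root):
    """Walk root without following symlinks; return per-kind counts and the
    directories that contain at least one hit, for scoping the restore."""
    counts, affected = Counter(), set()
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            hit = classify(name)
            if hit:
                counts[hit[0]] += 1
                affected.add(os.path.relpath(dirpath, root))
    return counts, sorted(affected)


def demo():
    """Build a constructed sample tree (empty files only) and triage it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/report.docx.fully.cryptoNar",
                    "docs/video.mp4.partially.CryptoNar",
                    "docs/notes.txt",
                    "CRYPTONAR RECOVERY INFORMATION.txt"):
            open(os.path.join(root, rel), "w").close()
        return triage(root)


if __name__ == "__main__":
    counts, dirs = demo()
    print(dict(counts), dirs)
```

Files counted as 'partially' still carry some original data, so they are worth preserving alongside backups rather than deleting during cleanup.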
