Cryptorbit Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 10 % (Normal) |
| Infected Computers: | 10 |
| First Seen: | January 28, 2014 |
| Last Seen: | October 22, 2022 |
| OS(es) Affected: | Windows |
The Cryptorbit Ransomware is a threat that will harass computer users, displaying an alarming message claiming that the victim's files were encrypted. The Cryptorbit Ransomware may be distributed using compromised email attachments. Once the Cryptorbit Ransomware is installed on the victim's computer, the Cryptorbit Ransomware encrypts several files on the compromised computer, specifically looking for files with extensions that are commonly used, corresponding to documents, pictures and possibly important content. File types encrypted by the Cryptorbit Ransomware include PDF, DOC, DOCX, XLS, PPT, PDF, JPG and many others.
Table of Contents
The Cryptorbit Ransomware Demands an Innovative Form of Ransom Payment
The Cryptorbit Ransomware is considered ransomware because the Cryptorbit Ransomware essentially takes the victim computer's control and then urges the payment of a ransom. The Cryptorbit Ransomware demands payment of 0.5 Bitcoins to restore the victim's file, which equals about $400 USD. The Cryptorbit Ransomware is a variant of a threat that had appeared before with the name 'Cryptolocker Ransomware'. It is important to note that the Cryptorbit Ransomware itself is easy to remove, although files that were encrypted are not particularly easy to restore. In some cases, computer users have been successful using System Restore. However, backing up important data is usually the best way of preventing the destructive aftermath of these types of threats.
The Cryptorbit Ransomware Encrypts the Computer User’s Files
As soon as the Cryptorbit Ransomware infects a computer, the Cryptorbit Ransomware will establish a connection to its Command and Control server and generate a key which may be used to encrypt the victim's files. Once the files have been encrypted, the Cryptorbit Ransomware displays a message alerting the computer user that the files were encrypted and displaying instructions on how to make the payment and restore the affected files to normal. The key for decrypting the affected files is, unfortunately, not found in the Cryptorbit Ransomware's code, but in the Command and Control server. Malware researchers advise computer users to backup their data and to avoid paying the criminals responsible for the Cryptorbit Ransomware to restore the encrypted files. Doing so only serves to further these criminal organizations' goals and allow shady individuals to profit at your expense.
Messages
The following messages associated with Cryptorbit Ransomware were found:
|
Cryptorbit
YOUR PERSONAL FILES ARE ENCRYPTED All files including videos, photos and documents, etc on your computer are encrypted. Encryption was produced using a unique public key generated for this computer. To decrypt files, you need to obtain the private key. The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files. In order to decrypt the files, open site 4sfxctgp53imlvzk.onion.to/index.php and follow the steps below: 1. You must download and install this browser: torproject.org/projects/torbrowser.html.en 2. After installation, run the browser and enter the address: 4sfxctgp53imlvzk.onion/index.php 3. Follow the instructions on the web-site. We remind you that the sooner you do, the more chances are left to recover the files. |
