
Cryptorbit Ransomware

By Domesticus in Ransomware

Threat Scorecard

Threat Level: 10 % (Normal)
Infected Computers: 10
First Seen: January 28, 2014
Last Seen: October 22, 2022
OS(es) Affected: Windows

The Cryptorbit Ransomware is a threat that harasses computer users by displaying an alarming message claiming that the victim's files were encrypted. It may be distributed using compromised email attachments. Once installed on the victim's computer, the Cryptorbit Ransomware encrypts several files on the compromised computer, specifically looking for files with commonly used extensions that correspond to documents, pictures and possibly important content. File types encrypted by the Cryptorbit Ransomware include PDF, DOC, DOCX, XLS, PPT, JPG and many others.

The Cryptorbit Ransomware Demands an Innovative Form of Ransom Payment

The Cryptorbit Ransomware is considered ransomware because it essentially takes control of the victim's computer and then urges the payment of a ransom. It demands payment of 0.5 Bitcoins, which equals about $400 USD, to restore the victim's files. The Cryptorbit Ransomware is a variant of a threat that had appeared before under the name 'Cryptolocker Ransomware'. It is important to note that the Cryptorbit Ransomware itself is easy to remove, although files that were encrypted are not particularly easy to restore. In some cases, computer users have been successful using System Restore. However, backing up important data is usually the best way of preventing the destructive aftermath of these types of threats.

The Cryptorbit Ransomware Encrypts the Computer User’s Files

As soon as the Cryptorbit Ransomware infects a computer, it will establish a connection to its Command and Control server and generate a key which may be used to encrypt the victim's files. Once the files have been encrypted, the Cryptorbit Ransomware displays a message alerting the computer user that the files were encrypted and giving instructions on how to make the payment and restore the affected files to normal. The key for decrypting the affected files is, unfortunately, not found in the Cryptorbit Ransomware's code, but on the Command and Control server. Malware researchers advise computer users to back up their data and to avoid paying the criminals responsible for the Cryptorbit Ransomware to restore the encrypted files. Paying only serves to further these criminal organizations' goals and allows shady individuals to profit at your expense.


The following messages associated with Cryptorbit Ransomware were found:

All files including videos, photos and documents, etc on your computer are encrypted. Encryption was produced using a unique public key generated for this computer. To decrypt files, you need to obtain the private key. The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files. In order to decrypt the files, open site and follow the steps below: 1. You must download and install this browser: 2. After installation, run the browser and enter the address: 4sfxctgp53imlvzk.onion/index.php 3. Follow the instructions on the web-site. We remind you that the sooner you do, the more chances are left to recover the files.

