
CryptoShadow Ransomware

By GoldSparrow in Ransomware

The CryptoShadow Ransomware is an encryption ransomware Trojan that is used to force computer users to pay large amounts of money. Like other encryption ransomware Trojans, the CryptoShadow Ransomware will encrypt the victims' files to demand a ransom payment in exchange for the decryption key. PC security analysts strongly advise computer users to take precautionary actions against the CryptoShadow Ransomware and other ransomware Trojans, a type of threat that has become increasingly prevalent since early 2016.

A Shadow that will Cover Your Most Precious Files

PC security analysts have received reports of CryptoShadow Ransomware attacks beginning on January 19, 2017. The CryptoShadow Ransomware belongs to a very large family of ransomware Trojans that are based on HiddenTear, an open source ransomware engine that was released on GitHub in 2016. Although HiddenTear was initially released for 'educational' or proof-of-concept purposes, it has since spawned countless ransomware variants, and the CryptoShadow Ransomware is one of the most recent members of this large family. Typically, the CryptoShadow Ransomware may be delivered to the victims' computers through spam email messages containing text document attachments that abuse macros to download and install the CryptoShadow Ransomware on the victim's computer.

Understanding the CryptoShadow Ransomware Infection

The CryptoShadow Ransomware's executable file is disguised as Internet Explorer: it is named 'iexplorer.exe' and could be mistaken for an instance of this Web browser in the Windows Task Manager. Its product name is 'CryptoShadow 3.1.0.0,' and it is designed to affect both 32-bit and 64-bit Windows operating systems. The CryptoShadow Ransomware can affect all versions of the Windows operating system going back to Windows XP. The CryptoShadow Ransomware attack is identical to that of most ransomware Trojans: the CryptoShadow Ransomware encrypts its victims' files and then demands the payment of a ransom.

The CryptoShadow Ransomware uses a standard encryption ransomware attack. Using a combination of AES and RSA encryption, the CryptoShadow Ransomware is designed to make the victim's files completely inaccessible. The CryptoShadow Ransomware uses AES to encrypt the files on the victim's computer, targeting specific file types that include audio, video, images, text, databases, eBooks and numerous others. The CryptoShadow Ransomware changes the affected files' extension to '.doomed,' making it simple to identify which files have been encrypted during the attack. Once the CryptoShadow Ransomware has encrypted the victim's files, it uses RSA to encrypt the AES key before sending it to the CryptoShadow Ransomware's Command and Control servers. Apart from the encryption key, other data about the infected computer is sent to the remote server.
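
The two host indicators named above, the '.doomed' extension and the 'iexplorer.exe' file name, can be checked with a short triage script. The following Python code is an added example, not part of the original article or of any vendor tool. The process list and paths are constructed samples, and the second process check (the genuine Internet Explorer binary name, 'iexplore.exe', running from outside its 'Internet Explorer' folder) is an added heuristic that goes beyond what the article reports.

```python
import os
from pathlib import PureWindowsPath

ENCRYPTED_EXT = ".doomed"          # extension the article says is appended
MASQUERADE_NAME = "iexplorer.exe"  # executable name the article reports
LEGIT_IE_NAME = "iexplore.exe"     # genuine Internet Explorer binary name
LEGIT_IE_DIR = "internet explorer" # assumption: default install folder name

# Constructed sample data: (pid, image path) pairs as a process listing
# exported from a Windows host might provide them.
SAMPLE_PROCESSES = [
    (4120, r"C:\Program Files\Internet Explorer\iexplore.exe"),
    (5332, r"C:\Users\alice\AppData\Local\Temp\iexplorer.exe"),
    (6008, r"C:\Users\alice\Downloads\iexplore.exe"),
]

def find_encrypted_files(root):
    """Return sorted paths under root whose name ends in '.doomed'."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ENCRYPTED_EXT):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def flag_processes(processes):
    """Return (pid, reason) for process images matching either check."""
    findings = []
    for pid, image_path in processes:
        path = PureWindowsPath(image_path)
        name = path.name.lower()
        folders = [part.lower() for part in path.parts[:-1]]
        if name == MASQUERADE_NAME:
            findings.append((pid, "name matches reported CryptoShadow executable"))
        elif name == LEGIT_IE_NAME and LEGIT_IE_DIR not in folders:
            findings.append((pid, "iexplore.exe outside its install folder"))
    return findings

if __name__ == "__main__":
    for pid, reason in flag_processes(SAMPLE_PROCESSES):
        print(f"PID {pid}: {reason}")
    for path in find_encrypted_files(os.getcwd()):
        print(f"encrypted file: {path}")
```

A file name match alone is weak evidence, so treat a hit as a reason to inspect the binary and to check for '.doomed' files on the same host.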

Dealing with the CryptoShadow Ransomware Infection

Unfortunately, once the CryptoShadow Ransomware has encrypted the files, it is currently not possible to decrypt them. Because of this, it is important to take preventive measures against threats like the CryptoShadow Ransomware. However, it is possible that PC security researchers may eventually release a decryption utility for the CryptoShadow Ransomware, as has occurred in the past for other HiddenTear variants.

The best way to protect your data from the CryptoShadow Ransomware and minimize the damage in the case of attack is to have backups of all files. PC security researchers strongly advise computer users to have backups of all files on the cloud or an external memory device, or ideally a full disk image that can be used to restore all data. Having backups makes attacks like the CryptoShadow Ransomware completely ineffective since computer users no longer have a need to pay the CryptoShadow Ransomware ransom if it is possible to restore the affected files from a backup copy. Apart from backups, PC security researchers strongly advise computer users to have a reliable security program to protect their computers in real time, as well as to handle all unsolicited email messages with caution.

1 Comment

I got infected with this virus some time ago and I can't decrypt my files, help.
