CryptOstonE Ransomware

The CryptOstonE Ransomware is a threat that has been caught in the wild by infosec experts. The CryptOstonE Ransomware appears to be a new variant based on the previously detected CryptoWire Ransomware. Affected users will find that their files stored on the compromised system have been rendered inaccessible and unusable through an encryption process initiated by the threat. The criminals will then extort their victims for money by promising to send the necessary decryption key and software tool after they get paid. Unfortunately for victims of CryptOstonE Ransomware, it appears that the current version of the threat has been released mostly for testing purposes. As such, crucial details are missing from the ransom note dropped on the infected machines. 

All encrypted files will be marked by the CryptOstonE Ransomware by having '.encrypted' injected between their file name and extension. For example, 'Picture1.png' will be renamed to 'Picture1.encrypted.png' due to the activity of the threat. The ransom note of the threat will then be displayed in a pop-up window. It states that the only way to restore the locked files is to purchase the decryption key from the hackers. The price of the ransom is set at $2000 payable using the Bitcoin cryptocurrency. After transferring the money, users are expected to initiate contact with the hackers. As we said, however, some essential information is missing from the note. There is no crypto-wallet address to which the Bitcoins would have to be transferred and there are no communication channels that the victims can use to reach the cybercriminals. 

This limits the options available to users affected by the threat severely. The best-case scenario is to have a suitable backup available that was created before the ransomware threat had infected the system. Make sure, however, that the CryptOstonE Ransomware has been removed from the computer completely, before proceeding with the restoration efforts. 

The note displayed by CryptOstonE Ransomware is: