
CryptPethya Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 82
First Seen: July 24, 2009
Last Seen: November 1, 2022
OS(es) Affected: Windows

The CryptPethya Ransomware is a file-locking Trojan that's a variant of the 'freeware' Xorist Ransomware family. Besides locking the user's files, it also drops a ransom note with fake claims of spying on the victim and recording their Web-surfing activities. Users should treat this threat the same way as other Trojans with encryption features: delete the CryptPethya Ransomware with trusted security software and restore their files from their last backup.

Layers of Lies in a Regular Trojan

Since any threat actor can grab Xorist Ransomware and modify it without paying Ransomware-as-a-Service style fees, it's a good testing ground for observing social engineering methods. This family, running through variations like the AAC Ransomware, the Bl9c98vcvv Ransomware, the TaRoNiS Ransomware, or the Lockerxxs Ransomware, proves that there's no one 'right' way to extort money. However, the CryptPethya Ransomware shows that extortion and lies go hand-in-hand.

The CryptPethya Ransomware exhibits most of the standard features of the Xorist Ransomware family:

  • Encrypting media like documents, images and spreadsheets (so that they can't open)
  • Flagging the non-opening 'hostages' with its extension of 'CryptPethya'
  • Displaying ransom notes in wallpapers and separate text files
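As an added incident-triage example (not code from this page, nor from the Xorist or CryptPethya authors), the following Python walks a directory tree and scopes which files carry the CryptPethya extension and which dropped text files look like ransom notes, so a responder can size the damage before restoring from backup. It assumes the extension is appended as a ".CryptPethya" suffix and that note filenames mention decrypting; both are assumptions, and the sample tree is constructed.

```python
# Added triage helper, not from the original page. ASSUMPTIONS: the Trojan appends
# ".CryptPethya" to the original filename, and the dropped note is a .txt whose name
# mentions decrypting or a ransom (neither detail is confirmed by the page).
import os
import tempfile
from collections import Counter

LOCKED_EXT = ".CryptPethya"            # assumed suffix form of the extension
NOTE_MARKERS = ("decrypt", "ransom")   # assumed words in a dropped note's filename


def triage(root):
    """Return (locked_files, note_files) under root.
    locked_files: list of (locked_path, original_name); note_files: list of paths."""
    locked, notes = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name.endswith(LOCKED_EXT):
                locked.append((full, name[:-len(LOCKED_EXT)]))
            elif name.lower().endswith(".txt") and any(m in name.lower() for m in NOTE_MARKERS):
                notes.append(full)
    return locked, notes


def impact_by_type(locked):
    """Count locked files by original extension, e.g. {'.docx': 1, '.jpg': 1}."""
    return Counter(os.path.splitext(orig)[1].lower() or "(none)" for _, orig in locked)


def build_sample_tree():
    """Constructed sample data: a temp tree mimicking a hit user profile."""
    root = tempfile.mkdtemp()
    sample = ["Documents/report.docx.CryptPethya", "Documents/budget.xlsx.CryptPethya",
              "Pictures/holiday.jpg.CryptPethya", "Pictures/HOW TO DECRYPT FILES.txt",
              "Documents/readme.txt"]          # last one is an untouched file
    for rel in sample:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"placeholder")
    return root


if __name__ == "__main__":
    locked, notes = triage(build_sample_tree())
    print(len(locked), "locked files by type:", dict(impact_by_type(locked)))
    print("ransom notes:", [os.path.basename(n) for n in notes])
```

The recovered original names feed directly into a restore-from-backup list, and the per-type counts show which data classes were hit hardest.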

The CryptPethya Ransomware's name is an interesting choice because it references the Petya Ransomware, a notorious Trojan that locks the Windows boot-up process to display a ransom note and causes permanent system damage. Besides this fear-mongering, the CryptPethya Ransomware also obscures its real features by claiming that the attacker has recorded the victim's erotic browsing activities and collected information like Facebook contacts.

Although it has no basis in reality, this second threat is meant to make paying the ransom more attractive to victims who would otherwise shrug off the CryptPethya Ransomware's file-locking feature.

Outsmarting a Forked-Tongued Program

The CryptPethya Ransomware isn't a relative of the Petya Ransomware; it is an only slightly changed version of GitHub software that any threat actor can use for their own purposes. Similarly, malware researchers point out that the CryptPethya Ransomware's ransom note was also part of older Trojans' campaigns, down to the precise wording. Victims have no reason to fear the CryptPethya Ransomware's claimed theft of information or its other bluffs. Still, Trojan infections may not be solitary and can include other risks and supporting threats, such as Remote Access Trojans.

The CryptPethya Ransomware claims that it gains system access by cracking the administrator's password. This assertion could be true, in which case users can protect themselves by using traditionally strong login credentials that resist brute-force attacks. It also could be another bluff. Malware experts recommend that Windows users keep an equally attentive watch over infection vectors like torrents, e-mailed files and unofficial software updates.

Any quality anti-malware service may remove the CryptPethya Ransomware from a compromised system or block an infection attempt. For data recovery, users can rely on personal backups or on the Xorist Ransomware family's free decryption tool.

The CryptPethya Ransomware says a lot of falsehood with few words. Its campaign is an excellent, modern-day Aesop's fable of how taking Trojans at face value is, usually, the worst thing to do.
