CrySpheRe Ransomware

Cybercriminals are utilizing a threat named CrySpheRe Ransomware to lock the data of their victims. Ransomware threats typically use military-grade cryptographic algorithms, which makes the restoration of the impacted files practically impossible without having the proper decryption keys. The main goal of ransomware campaigns is to extort the affected users or organizations for money.

As for the CrySpheRe Ransomware specifically, the threat has been confirmed to be a variant of the Xorist Ransomware family. It can lock a huge range of different file types. All of the locked documents, archives, images, photos, databases, etc., will have '.CrySpheRe' appended to their names as a new extension. The malware will drop two ransom notes with an identical message on the infected computers - one inside a text file named 'КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt' and one displayed as a pop-up window.

Despite the name of the text file is in Russian, the text of both ransom notes is in English. The operators of the CrySpheRe Ransomware state that victims must pay a ransom of $30 if they want to receive a decryption tool for the locked files. A single email at 'march20222021@proton.me' is provided as a communication channel. Victims must keep in mind that even if they pay the demanded sum, there are no guarantees that the cybercriminals will keep their promises or that the software they provide will be able to successfully recover all of the encrypted data.

The full text of the CrySpheRe Ransomware notes is:

'All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted.
What can I do to get my files back? You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.The price for the software is $30.

Contact for buying decryption software: march20222021@proton.me'