CryT0Y Ransomware

Infosec researchers have detected another ransomware threat that has been unleashed in the wild. Named CryT0Y, the malware is capable of causing massive damage to any system it manages to infect by encrypting nearly all of the files stored on it. Users will find themselves unable to access any of their documents, pictures, movies, audio files, archives, databases, PDFs, etc. The threat marks all affected files by appending '.cryt0y' to their original names as a new extension. 

The ransom note from the hackers is presented to victims in multiple forms. The CryT0Y Ransomware replaces the user's desktop wallpaper with a new image, creates a text file named 'READ_IT.txt,' and generates a pop-up window on the Desktop screen. The wallpaper image contains a shortened version of the note, while the pop-up window and the text file show the full set of instructions left by the cybercriminals.

Apparently, the CryT0Y Ransomware uses the RSA-4096 asymmetric cryptographic algorithm for its encryption process. The private key needed for the restoration of the locked data can be accessed only by the ransomware's creators. To receive the decryption software, users are told to transfer $80 worth of Bitcoins to the provided cryptocurrency wallet address. A countdown timer displayed in the pop-up window shows the remaining time before the encrypted files on the system will supposedly be deleted. 
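The two file-system indicators described above, the appended '.cryt0y' extension and the 'READ_IT.txt' note, are enough to scope which folders and file types were hit from a file listing. The following Python script is an added example, not part of the original write-up; the function names, the case-insensitive matching and the sample paths are assumptions constructed for illustration.

```python
import os
from collections import Counter
from pathlib import PureWindowsPath

MARKER_EXT = ".cryt0y"     # extension the page says is appended to original names
NOTE_NAME = "read_it.txt"  # ransom note name from the page; case-insensitive match is an assumption


def triage(paths):
    """Summarise encrypted files and ransom notes found in an iterable of file paths."""
    encrypted, notes = [], []
    for raw in paths:
        p = PureWindowsPath(raw)
        name = p.name.lower()
        if name == NOTE_NAME:
            notes.append(str(p))
        elif name.endswith(MARKER_EXT) and len(name) > len(MARKER_EXT):
            # Strip the appended extension to recover the pre-encryption file name.
            encrypted.append((str(p), p.name[: -len(MARKER_EXT)]))
    by_type = Counter(PureWindowsPath(o).suffix.lower() or "(none)" for _, o in encrypted)
    by_dir = Counter(str(PureWindowsPath(f).parent) for f, _ in encrypted)
    return {"encrypted": encrypted, "notes": notes,
            "by_type": dict(by_type), "by_dir": dict(by_dir)}


def walk(root):
    """Yield every file path under root on a live or mounted file system."""
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            yield os.path.join(dirpath, f)


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.cryt0y",
    r"C:\Users\alice\Documents\notes.docx.CRYT0Y",
    r"C:\Users\alice\Pictures\trip.jpg.cryt0y",
    r"C:\Users\alice\Desktop\READ_IT.txt",
    r"C:\Users\alice\Documents\untouched.pdf",
    r"C:\Users\alice\Documents\README.cryt0y",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(f"{len(report['encrypted'])} encrypted files, {len(report['notes'])} ransom notes")
    for d, n in sorted(report["by_dir"].items()):
        print(f"  {n:4d}  {d}")
    print("original types:", report["by_type"])
```

To scan a live or mounted volume instead of the sample list, pass `walk(root)` to `triage`.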

The message from the wallpaper image is:

'What happened to your files?

All your files are encrypted with RSA-4096,
Read more on hxxps://en.wikipedia.org/wiki/RSA_(cryptosystem)

Is it possible to get back your data?
Yes, We have a decrypter with the private key.
We have one option to get all your data back.

Step 1: Open the "Read_It text file"
Step 2: Send us the Bitcoins amount to the address
Step 3: After our system confirmed your pc gets decrypted automatically'

The full ransom note delivered by CryT0Y Ransomware as a text file and pop-up window is:

'What happened to your files?
All your files are encrypted with RSA-4096, Read more on hxxps://en.wikipedia.org/wiki/RSA_(cryptosystem)
RSA is an algorithm used by modern computers to encrypt and decrypt the data. RSA is an asymmetric cryptographic algorithm. Asymmetric means that there are two different keys. This is also called public key cryptography, because one of the keys can be given to anyone:

1 - We encrypted your files with our Public key
2 - You can decrypt, the encrypted files with specific Private key and your private key is in our hands ( It's not possible to recover your files without our private key )

Is it possible to get back your data?
Yes, We have a decrypter with the private key. We have one option to get all your data back.
"Follow the instructions to get all your data back:

Step 1 : You must send us 80$ worth of Bitcoin for your affected system
Step 2 : After you sent us the bitcoin our system automatically decrypt all you files and our software will delete itself

Our Bitcoin address is: 1M2gaPPNHuJfNVAEaHhQ6ZejK2PHxHbmSj

Where to buy Bitcoin?
The easiest way is LocalBitcoins, but you can find more websites to buy bitcoin using Google Search: buy bitcoin online
MMoga.com Bitcoin gift cards is a fast way to buy bitcoins.'
