CrY-TrOwX Ransomware
Threat Scorecard
Ranking: 193
Threat Level: 20 % (Normal)
Infected Computers: 18,592
First Seen: September 26, 2022
Last Seen: September 21, 2023
OS(es) Affected: Windows
The CrY-TrOwX Ransomware is an encryption ransomware Trojan. These threats are designed to take the victims' files hostage by making use of a strong encryption algorithm to make the victim's files inaccessible and then demanding the payment of a ransom in exchange for the decryption key needed to restore the affected files. The CrY-TrOwX Ransomware was first observed on December 13, 2017. The CrY-TrOwX Ransomware is delivered to victims through the use of corrupted email attachments in the form of Microsoft Word files with corrupted macro scripts that download and install the CrY-TrOwX Ransomware onto the victim's computer. The spam email messages used to deliver the CrY-TrOwX Ransomware may use social engineering tactics to trick the victim into opening the corrupted email attachments, which pretend to have been sent by a legitimate source.
How the CrY-TrOwX Ransomware Attacks a Computer
The CrY-TrOwX Ransomware is a variant of HiddenTear, an open source ransomware platform that first appeared in 2015 and that has been responsible for countless attacks since then. The CrY-TrOwX Ransomware's properties seem to indicate that it was developed by someone going by the name 'ismail.' The CrY-TrOwX Ransomware runs as 'CrY.exe' on infected computers and uses AES 256 encryption to make the victim's files inaccessible. The CrY-TrOwX Ransomware marks the files encrypted by its attack with the file extension '.locked', added to the affected file's name. The CrY-TrOwX Ransomware targets a wide variety of user-generated files while avoiding Windows system files, much like most encryption ransomware Trojans. Some of the files that may be targeted by ransomware Trojans like the CrY-TrOwX Ransomware in their attack include:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
Once the CrY-TrOwX Ransomware encrypts the files, they are no longer accessible without the decryption key, which the cybercrooks hold in their possession.
The CrY-TrOwX Ransomware’s Ransom Note
The CrY-TrOwX Ransomware delivers its ransom note in the form of a text file named 'READ_AND_CRY_.txt,' dropped on the infected computer's desktop. The full text of the CrY-TrOwX Ransomware's ransom note reads:
'Hello All Your Important Files Are Encrypted by CrY!
Communicate With Us To Save Your Files!
E-Mail Address : kaya.kyasor99@yandex.com'
Contacting the people responsible for the CrY-TrOwX Ransomware attack is not a good move. These people will demand that the victim pay a large ransom via Bitcoin in exchange for the decryption key, but the victim can never know whether they will keep their promise and help with recovery from the attack. In fact, they are just as likely to ignore the victim or demand additional payments. Even if the victim recovers, it is likely that the cybercrooks will target the victim for additional attacks, since the victim will have shown a willingness to pay the ransom once.
Dealing with a CrY-TrOwX Ransomware Attack
Instead of paying the CrY-TrOwX Ransomware ransom, computer users should take precautions against these attacks. The best preventive measure is to have file backups on an external memory device. Having file backups allows recovery of the affected files without having to interact with the people responsible for the CrY-TrOwX Ransomware attack.
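Before restoring from backup, it helps to know which directories were hit. The following triage script is an added example, not EnigmaSoft's tooling: it walks a directory tree for the two file artifacts described above (the appended '.locked' extension and the 'READ_AND_CRY_.txt' note) and tallies what the encrypted files originally were. The function names and the sample tree are assumptions made for the illustration.

```python
import os
import tempfile
from collections import Counter

NOTE_NAME = "READ_AND_CRY_.txt"      # ransom note name given on this page
NOTE_MARKER = "Encrypted by CrY!"    # phrase from the note text quoted on this page
LOCKED_SUFFIX = ".locked"            # extension appended to encrypted files

def triage(root):
    """Walk root and report notes, locked files and the directories they sit in."""
    notes, locked, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME.lower():
                # Check the content too: a matching name alone is weaker evidence
                try:
                    with open(path, "r", errors="replace") as fh:
                        confirmed = NOTE_MARKER in fh.read(4096)
                except OSError:
                    confirmed = False
                notes.append((path, confirmed))
            elif lower.endswith(LOCKED_SUFFIX):
                # The suffix is appended, so the original extension is still visible
                original = os.path.splitext(name[: -len(LOCKED_SUFFIX)])[1].lower()
                locked.append((path, original))
                per_dir[dirpath] += 1
    return {"notes": notes, "locked": locked, "per_dir": dict(per_dir),
            "original_types": Counter(ext for _p, ext in locked)}

def build_sample(root):
    """Constructed sample tree (not real victim data) so the script runs offline."""
    docs = os.path.join(root, "Documents")
    desk = os.path.join(root, "Desktop")
    os.makedirs(docs)
    os.makedirs(desk)
    for name in ("report.docx.locked", "budget.xlsx.locked", "notes.txt"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(desk, NOTE_NAME), "w") as fh:
        fh.write("Hello All Your Important Files Are Encrypted by CrY!\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        print(len(result["locked"]), "locked files;", len(result["notes"]), "note(s)")
        for ext, n in result["original_types"].most_common():
            print(f"  {ext or '(none)'}: {n}")
```

The per-directory counts give the list of folders to restore from backup, and a note whose content matches the quoted text is the stronger of the two indicators.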
URLs
CrY-TrOwX Ransomware may call the following URLs:
pornone.com