
CyberSCCP Crypto Ransomware

By GoldSparrow in Ransomware

The CyberSCCP Crypto is an encryption ransomware Trojan that seems designed to attack computer users located in Farsi-speaking regions. It was first observed on June 19, 2019, carrying out a typical version of this kind of attack. It is based on HiddenTear, an open-source ransomware platform that has been available to criminals since 2015. Like most other HiddenTear-based ransomware Trojans, the CyberSCCP Crypto uses AES encryption to make the victim's files inaccessible, holds them hostage, and then demands a ransom payment in return for the decryption key needed to restore the affected files.

How the CyberSCCP Crypto can Demand a Ransom Payment from Its Victims

The CyberSCCP Crypto seems to be delivered in the form of a RAR file, which installs the CyberSCCP Crypto onto the victim's computer. Currently, the CyberSCCP Crypto reaches its victims via a spam email campaign that seems to be geographically limited to Iran. However, there is nothing preventing the CyberSCCP Crypto from being installed on computers located in other regions of the world. Since one of the CyberSCCP Crypto's main distribution vectors involves spam email messages, learning to deal with this harmful content is essential in preventing attacks like this one. The CyberSCCP Crypto is written using AutoIt, and there do not seem to be any signs of it sending a decryption key to an external server, which means that it effectively serves as a data wiper rather than an encryption ransomware Trojan. The CyberSCCP Crypto targets user-generated files in its attack, which may include a variety of document types and media files. Threats like the CyberSCCP Crypto target the file types listed below:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.

The CyberSCCP Crypto encrypts the files and marks them with the file extension '.CyberSCCP', making it simple to determine which files have been compromised by the attack.

The CyberSCCP Crypto's Ransom Note

The victims of the CyberSCCP Crypto will be presented with a ransom note. This ransom note is delivered in a text file named 'READ_IT.txt' and in a desktop wallpaper image with a moody picture of a landscape. Both ransom notes contain the following message:

'ALL YOUR FILE HAS BEEN ENCRYPTED!
PAY 0.03 BTC FOR RESTORE YOUR DATA.
CONTACT US: CyberSCCP@protonmail.com'

In general, computer users are strongly advised to avoid contacting the criminals responsible for these attacks or paying these kinds of ransoms. This is crucial in the case of the CyberSCCP Crypto since there is no sign that the criminals have a way to access the decryption key needed to restore the files affected in the attack. As with most encryption ransomware Trojans, the best measures are preventive. Computer users are advised to use a trustworthy backup method to ensure that files are stored in the cloud or on an external device. An effective security program that is fully up to date should also be used to prevent CyberSCCP Crypto attacks and to remove threats like this one if they are present on your computer.
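
To scope an incident using the indicators named above (the '.CyberSCCP' extension and the 'READ_IT.txt' note), the following Python script walks a directory tree and lists marked files and content-confirmed ransom notes. It is an added example, not part of the original article; the function names and the sample files are constructed for illustration, and the note's on-disk encoding is an assumption.

```python
import os

# Indicators as stated in the article; matching is case-insensitive.
ENCRYPTED_EXT = ".cybersccp"
NOTE_NAME = "read_it.txt"
NOTE_MARKERS = (b"cybersccp@protonmail.com", b"all your file has been encrypted")


def looks_like_note(path, limit=4096):
    """Confirm a READ_IT.txt by content, because the file name alone is generic."""
    try:
        with open(path, "rb") as fh:
            raw = fh.read(limit)
    except OSError:
        return False
    # Dropping NUL bytes lets the same check match UTF-8 and UTF-16 text
    # (the note's on-disk encoding is not stated in the article: assumption).
    text = raw.replace(b"\x00", b"").lower()
    return any(marker in text for marker in NOTE_MARKERS)


def triage(root):
    """Return (marked_files, ransom_notes) found under root, as sorted lists."""
    marked, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                marked.append(path)
            elif name.lower() == NOTE_NAME and looks_like_note(path):
                notes.append(path)
    return sorted(marked), sorted(notes)


def build_sample_tree(root):
    """Write constructed sample files (not real samples) for a dry run."""
    samples = {
        "docs/report.docx.CyberSCCP": b"\x00" * 16,
        "pics/photo.CYBERSCCP": b"\x01" * 16,
        "docs/notes.txt": b"untouched file",
        "docs/READ_IT.txt": b"ALL YOUR FILE HAS BEEN ENCRYPTED!\nCONTACT US: CyberSCCP@protonmail.com",
        "tools/READ_IT.txt": b"Install instructions for an unrelated program.",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
```

Calling `triage()` on a mounted volume or user profile gives the list of files to restore from backup; the unrelated `READ_IT.txt` in the sample tree shows why notes are confirmed by content rather than by name.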
