Threat Database Ransomware InsaneCrypt Ransomware

InsaneCrypt Ransomware

By GoldSparrow in Ransomware

The InsaneCrypt Ransomware is an encryption ransomware Trojan that is based on desuCrypt, an open source ransomware engine. This open source project, found on Github, has been copied and modified by the people responsible for the InsaneCrypt Ransomware attack. Variants of desuCrypt, so far, were detected on January 18, 2018, and the InsaneCrypt Ransomware was detected on January 23, 2018. The InsaneCrypt Ransomware and its variants may be delivered to victims through the use of unsafe email attachments, which may include macro-enabled documents that download and install the InsaneCrypt Ransomware when the victim opens the compromised document.

The InsaneCrypt Ransomware and Other DesuCrypt Variants

The InsaneCrypt Ransomware and DesuCrypt have few, mostly superficial differences between them. The InsaneCrypt Ransomware marks the files encrypted by the attack with the file extension '.[insane@airmail.cc].insane' (while DesuCrypt uses '.[rememberggg@tutanota.com].DEUSCRYPT' to mark the affected files. The InsaneCrypt Ransomware and its variants, like most encryption ransomware Trojans, will target the user-generated files on the infected computer and then a strong encryption algorithm to make the file inaccessible. The file types that may be encrypted by the InsaneCrypt Ransomware attack include:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, ,doc, .epub, .docx .fb2, .flv, .gif, .gz, .iso .ibooks,.jpeg, .jpg, .key, .mdb .md2, .mdf, .mht, .mobi .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

After the InsaneCrypt Ransomware encrypts the victim's files, the victim is asked to contact the cybercrooks via an email address included in a ransom note (and in the file extensions that the InsaneCrypt Ransomware adds to the affected files' names). However, contacting the people responsible for the InsaneCrypt Ransomware attack is not advised at all.

How the Cybercrooks may Profit from an InsaneCrypt Ransomware Attack

Cybercrook may make money with these attacks by extorting computer users. These are ransom schemes where the victim's files are taken hostage and only returned when the victim agrees to pay a ransom. These ransoms are paid using Bitcoin preferably since this cryptocurrency allows the cybercrooks to receive anonymous payments. The InsaneCrypt Ransomware delivers its ransom note by dropping a text file on the infected computer's desktop. This file, named 'note.txt,' contains a short message that reads:

'All your files have been encrypted due oto a security problem with your PC. If you want to restore them, write us to the email [email address]. You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After Payment we will send the decryption tool that will decrypt your files.
[unique ID string]'

Regardless of the claims in this message, computer users should avoid contacting these people. The ransom payment in these attacks may range from a few hundred dollars to thousands of dollars, depending on the amount of the compromised data and the profile of the victim.

Protecting Your Data from Threats Like the InsaneCrypt Ransomware

There are strong reasons that make the payment of the InsaneCrypt Ransomware ransom or contacting the criminals controlling it something that must be avoided. The best protection against these attacks is to have file backups on the cloud or saved in guarded places. Having file backups allows computer users to restore their files after an attack without having to contact its perpetrators. Computer users also should use a security program that is fully up-to-date to protect their data from the InsaneCrypt Ransomware and similar threat attacks preemptively.

URLs

InsaneCrypt Ransomware may call the following URLs:

professionalbusinesstoday.xyz

Trending

Most Viewed

Loading...