MaxiCrypt Ransomware

Threat Scorecard

Ranking: 9,963
Threat Level: 50 % (Medium)
Infected Computers: 257
First Seen: March 1, 2022
Last Seen: August 19, 2023
OS(es) Affected: Windows

The MaxiCrypt Ransomware is an encryption ransomware Trojan that was first observed by malware researchers on November 28, 2017. Threats like the MaxiCrypt Ransomware are often delivered through malicious spam email messages. The MaxiCrypt Ransomware will often arrive on the victim's computer as a Microsoft Word document that uses malicious macro scripts to download and install the MaxiCrypt Ransomware onto the victim's computer. The MaxiCrypt Ransomware functions like most encryption ransomware Trojans: it is designed to take the victim's files hostage, encrypt them with a strong encryption algorithm and then demand payment of a ransom from the victim in exchange for the decryption key needed to restore the affected files.

Unveiling the MaxiCrypt Ransomware Attack

Unfortunately, the MaxiCrypt Ransomware uses a combination of AES and RSA encryption, which makes its attack quite effective; files encrypted by the MaxiCrypt Ransomware cannot be recovered without the decryption key. The MaxiCrypt Ransomware marks the files with the file extension:

.[maxicrypt@cock.li].maxicrypt

This file extension is added to the end of each affected file's name. Some of the file types that are typically targeted in ransomware attacks like the MaxiCrypt Ransomware are:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The MaxiCrypt Ransomware delivers its ransom note in the form of a text file named 'How to restore your data.TXT' when it finishes encrypting the targeted files. The full text of the MaxiCrypt Ransomware ransom note reads:

MaxiCrypt
===
YOUR FILES ARE ENCRYPTED!
Your personal ID
R0g000000015ulOw*****BfcY8liLDPY
Your documents, photos, databases, save games and other important data was encrypted.
Data recovery the necessary decryption tool. To get the decryption tool, should send an email to:
maxicrypt@cock.li or maxidecrypt@protonmail.com
In a letter to include Your personal ID (see the beginning of this document).
In the proof we have decryption tool, you can send us 1 file for test decryption.
Next, you need to pay for the decryption tool.
In response letter You will receive the address of Bitcoin wallet which you need to perform the transfer of funds.
If You have no bitcoins
* Create a Bitcoin wallet: https://blockchain.info/ru/wallet/new
* Purchase Bitcoin: https://localbitcoins.com/ru/buy_bitcoins or http://www.coindesk.com/information/how-can-i-buy-bitcoins (Visa/MasterCard, etc.)
When money transfer is confirmed, You will receive the decrypter file for Your computer.
After starting the program-interpreter, all Your files will be restored.
Attention!
* Do not attempt to remove a program or run the anti-virus tools
* Attempts to decrypt the files will lead to loss of Your data
* Decoders other users is incompatible with Your data, as each user unique encryption key
===

One aspect of the MaxiCrypt Ransomware that is different from many other encryption ransomware Trojans is that the MaxiCrypt Ransomware writes additional data onto the affected files, so their file sizes change and become somewhat larger.

Dealing with the MaxiCrypt Ransomware

The best way to deal with the MaxiCrypt Ransomware, as with most encryption ransomware Trojans, is to use file backups to replace the files encrypted by the attack. Also, computer users are advised to refrain from paying the MaxiCrypt Ransomware ransom or contacting the people responsible for the MaxiCrypt Ransomware attack. A combination of file backups and a reliable security program is the best protection against threats like the MaxiCrypt Ransomware.
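
Before restoring from backups, the two indicators described above (the appended file extension and the ransom note file name) can be used to inventory what was hit. The Python below is an added example, not part of the original write-up; the function names are hypothetical, and it assumes the backup directory mirrors the layout of the scanned directory.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the write-up above; matched case-insensitively.
ENCRYPTED_SUFFIX = ".[maxicrypt@cock.li].maxicrypt"
RANSOM_NOTE_NAME = "how to restore your data.txt"

def scan_tree(root):
    """Return ({encrypted_path: original_path}, [ransom_note_paths]) under root."""
    affected, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lowered = name.lower()
            if lowered == RANSOM_NOTE_NAME:
                notes.append(path)
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Stripping the marker gives the name to look up in backups.
                affected[path] = path.with_name(name[: -len(ENCRYPTED_SUFFIX)])
    return affected, notes

def restore_plan(affected, backup_root, scan_root):
    """Split affected files into (restorable, missing) by checking the backup.

    Assumption: backup_root mirrors the directory layout of scan_root.
    """
    restorable, missing = [], []
    for encrypted, original in sorted(affected.items()):
        candidate = Path(backup_root) / original.relative_to(scan_root)
        (restorable if candidate.is_file() else missing).append((encrypted, candidate))
    return restorable, missing

def build_demo(tmp):
    """Constructed sample tree: two marked files, one note, one clean file, one backup."""
    live, backup = Path(tmp) / "live", Path(tmp) / "backup"
    (live / "docs").mkdir(parents=True)
    (backup / "docs").mkdir(parents=True)
    (live / "docs" / ("report.docx" + ENCRYPTED_SUFFIX)).write_bytes(b"x")
    (live / "docs" / ("photo.jpg" + ENCRYPTED_SUFFIX)).write_bytes(b"x")
    (live / "docs" / "How to restore your data.TXT").write_text("note")
    (live / "docs" / "untouched.txt").write_text("ok")
    (backup / "docs" / "report.docx").write_bytes(b"original")
    return live, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = build_demo(tmp)
        affected, notes = scan_tree(live)
        restorable, missing = restore_plan(affected, backup, live)
        print(len(affected), "encrypted,", len(notes), "notes,", len(missing), "without backup")
```

Files reported as missing have no backup copy under the assumed layout, so they are the ones to preserve offline rather than delete during cleanup.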