MCrypt2019 Ransomware
MCrypt2019 Ransomware Image
The MCrypt2019 Ransomware is a brand-new data-locking Trojan. Very often, cybercriminals would take the code of an already existing ransomware threat, tweak a little to their liking, and release it as their own. However, it appears that the MCrypt2019 Ransomware is not a variant of any of the popular file-encrypting Trojans.
Propagation and Encryption
It has not yet been determined what infection vectors are involved in the spreading of the MCrypt2019 Ransomware. Some malware researchers speculate that the authors of the MCrypt2019 Ransomware may be employing some of the most common propagation methods such as mass spam email campaigns, bogus software updates, and pirated fake copies of popular applications. When the MCrypt2019 Ransomware infiltrates a PC, it performs a brief scan, which determines the locations of the files, which this threat was programmed to target. Then, the MCrypt2019 Ransomware will start locking all the files targeted. When the MCrypt2019 Ransomware encrypts a file, it changes its name by adding a '.exe' extension. For example, an audio file called 'Lost-Seattle-Dream.mp3' will be renamed to 'Lost-Seattle-Dream.mp3.exe,' and you will not be capable of playing it.
The Ransom Note
Then, the MCrypt2019 Ransomware drops a ransom note named 'HOW-TO-DECRYPT-FILES.htm.' The note's background is black with a vivid red shade used for the text. This is a form of social engineering as this color combination is usually associated with danger and is meant to intimidate the victim into paying the ransom fee subconsciously. The note states:
'Ooops, your important files are encrypted!
If you see this text, your files are no longer accessible, because they have been encrypted. perhaps you looking for a way to decrypt your files, but DON'T waste your time. No one can recover your files without our decryption key.
Please follow the instructions:
1. Send $600 worth of Bitcoins to the following address:
1LS32VsvWhWU6ud9h3xEJuJzgEbRtBnymE
2. Send your Bitcoin wallet ID and your ID to E-mail mcrypt2019@yandex.com.
Your personal ID:'
The sum demanded by the attackers is $600 in the form of Bitcoin. The attackers have provided an email address where they can be contacted – 'mcrypt2019@yandex.com.' To ensure that the victim knows what has happened with their files, the authors of the MCrypt2019 Ransomware change the wallpaper to a note by them that instructs the user to read the ransom note.
We advise you to stay away from cybercriminals. There is no guarantee that they will provide you with a decryption key if you pay them. This is why a reputable anti-malware tool should be used to wipe off the MCrypt2019 Ransomware from your computer. Then, you can try to recover some of the data using a third-party file recovery application.
