MonCrypt Ransomware

The MonCrypt Ransomware is a newly spotted data-encrypting Trojan. After studying the threat, malware analysts found that this is a variant of the Scarab Ransomware. Many authors of ransomware threats tend to borrow the code of already existing data-locking Trojans instead of building a threat from scratch. This saves them time and effort and tends to be just as effective.

Propagation and Encryption

It is not yet known how exactly is the MonCrypt Ransomware being distributed. Some experts speculate that the attackers may be employing spam emails as an infection vector. This means that targeted users would receive an email containing a fake message and an infected attached file. Upon executing the attachment, their system will be compromised. Other commonly used propagation methods include malvertisement campaigns, bogus application downloads, and updates, torrent trackers, etc. The MonCrypt Ransomware is likely targeting a very long list of filetypes as this increases the chances of the attackers getting paid. The more file a data-locking Trojan encrypts, the more likely it is for the victim to consider paying up the ransom fee. All the marked files will be locked using a complex encryption algorithm. The affected files will have their names changed because the MonCrypt Ransomware adds a new extension to their names – ‘.moncrypt.’ This means that a file originally named ‘pine-forest.mp4’ will be renamed to ‘pine-forest.mp4.moncrypt’ and will no longer be executable.

The Ransom Note

In the next step of the attack, the MonCrypt Ransomware will drop a ransom note on the user’s computer. The name of the note is ‘HOW TO RECOVER ENCRYPTED FILES.txt.’ In the ransom message, the attackers state that they are willing to unlock three files free of charge as proof that they are in possession of a functional decryption key. The attackers insist on being contacted via email – ‘moncoin@prontonmail.com.’ It is likely that they will provide further information once the user gets in touch with them.

It is not advisable to contact the creators of the MonCrypt Ransomware. Cybercriminals may claim that they would reverse the damage done to your files, but they rarely hold up their end of the bargain. This is why you should download and install a legitimate anti-virus application that will not only remove the MonCrypt Ransomware from your computer safely but will also make sure you do not find yourself with the same problem in the future.