Malware researchers first observed the PewCrypt Ransomware, an encryption ransomware Trojan, in the third week of February 2019. The PewCrypt Ransomware doesn't have many variants. The PewCrypt Ransomware carries out a typical encryption ransomware attack, taking the victims' files hostage and then urging the victim to make a ransom payment in exchange for restoring access to the victim's data.
The Interaction of the PewCrypt Ransomware with Java
One aspect of the PewCrypt Ransomware attack that sets it apart from most other encryption ransomware Trojans is that it seems to be based on Java. The PewCrypt Ransomware requires the Java Runtime Environment (JRE) to be present on the infected computer to carry out its attack. The PewCrypt Ransomware uses the Java class function 'java.security.SecureRandom()' to encrypt the victims' data. The PewCrypt Ransomware ignores DLL, EXE, and JAR files and targets a wide variety of file types in its attack, which may include files with the following file extensions:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The PewCrypt Ransomware does something odd after encrypting the victim's files: while most encryption ransomware Trojans simply demand a ransom payment, the PewCrypt Ransomware tries to threaten the victim into subscribing to the YouTube channel belonging to PewDiePie, a popular YouTuber. It is not clear whether the PewCrypt Ransomware is meant to be a prank program or a joke.
Who Created the PewCrypt Ransomware?
PC security researchers observed that the Twitter account '__JustMe__' claimed ownership of the PewCrypt Ransomware, supposedly as part of a learning project. This Twitter account shared a link to a Google Drive file that supposedly helps victims decrypt the files encrypted by the PewCrypt Ransomware attack. Regardless of whether the PewCrypt Ransomware is meant to be a serious attack or not, the PewCrypt Ransomware does carry out an effective encryption attack that criminals could easily weaponize to demand ransom payments and carry out more standard encryption ransomware attacks.
Protecting Your Data from Threats Like the PewCrypt Ransomware
Threats like the PewCrypt Ransomware, regardless of whether they are serious or not, use a strong encryption method that makes the victims' files unrecoverable. This is why, if you want to protect your machine against threats like the PewCrypt Ransomware, you must have file backups stored in a secure location such as the cloud or an external device. Apart from file backups, computer users must use a reliable security program to intercept the PewCrypt Ransomware attacks and other threats. Apart from file backups and a security program, learning to recognize online tactics and possible infection sources is an essential part of stopping threats like the PewCrypt Ransomware.