Police_Decrypt0r Ransomware
The Police_Decrypt0r Ransomware is a malware threat that cybercriminals can use to lock the data of their victims. By executing the malware on the breached devices, the attackers can impact the data stored there and leave it in an inaccessible state. Like most ransomware threats, Police_Decrypt0r also utilizes a strong cryptographic algorithm as part of its encryption routine. The threat was identified by a cybersecurity researcher who goes by Petrovic on Twitter.
All files locked by this piece of threatening software will have '.CRYPT' appended to their original names. Afterward, the Police_Decrypt0r Ransomware will proceed to deliver its instructions to the victims. The threat will first generate a pop-up window stating that affected users have just 5 hours to pay a ransom to the attackers or risk losing their entire computer system. More details will be shown in an additional pop-up window.
This time victims are told that they will need to send 0.005 BTC, worth around $1000 at the current Bitcoin exchange rate, to the provided crypto-wallet address. It also should be noted that the operators of the Police_Decrypt0r Ransomware attempt to present themselves as a 'CYBER.POLICE American national security agency,' likely as another method to trick users into paying the demanded amount. Finally, a text file named 'Police_Decrypt0r.txt' will be dropped to the victim's device containing another ransom note. The text file and the second pop-up window direct users towards messaging an email address under the control of the attackers - 'crypt31@proton.me.'
The first pop-up window created by Police_Decrypt0r Ransomware states the following:
'Police_Information
You only have 5 hours to complete the payment, if the payment isn'5 submitted by tomorrow night, we'll brick your enctire system.
OK'
The second pop-up window contains the following message:
'Police_Decrypt0r
Your important files are encrypted…
CYBER.POLICE American national security agency
Remaining time:
Bitcoin address:
1Jq3QkccvEXULEtMByA8h5H53CwY3YBwQLYour documents, photos, databases, important data were encrypted
How to pay and unlock your files
Send 0.05 BTC to 1Jq3QkccvEXULEtMByA8h5H53CwY3YBwQL
After payment,contact us get your decryption
Email:crypt31@proton.me'
The note delivered as a text file is:
'Your documents, photos, databases, important data were encrypted
How to pay and unlock your files
Send 0.05 BTC to 1Jq3QkccvEXULEtMByA8h5H53CwY3YBwQL
After payment,contact us get your decryption
Email:crypt31@proton.me'
