Seccrypt Ransomware
Infosec researchers have detected a potent new malware threat named Seccrypt Ransomware. Although Seccrypt is classified as a variant of the WastedLocker Ransomware family, it remains a threat that can wreak havoc on any computer it manages to infect. The threat begins its damaging operations by initiating an encryption process that can affect a wide range of file types, including PDFs, MS Office documents, archives, databases, photos, audio, and video files.
Each encrypted file will have '.seccrypt' appended to its name as a new extension. Victims of Seccrypt Ransomware will be provided with a ransom note containing instructions from the hackers. The note will be dropped as multiple text files, their number depending on the total number of files encrypted on the system. For example, for a file named 'Picture1.jpg.seccrypt', the threat will create a 'Picture1.jpg.howto_seccrypt' file that carries the ransom note.
The instructions are rather brief, simply stating that the victim's files have been encrypted with a strong algorithm and that potential backups have been either encrypted as well or outright deleted. To receive further details, victims are told to establish communication by sending a message to the '16675@PROTONMAIL.CH' email address.
The full text of the note delivered by Seccrypt Ransomware is:
'Your network has been penetrated.
All files on each host in the network have been encrypted with a strong algorythm.
Backups were either encrypted or deleted.
Do not rename or move the encrypted files.
To get the files back contact us at: 16675@PROTONMAIL.CH
Store the encryption key:'
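
The naming convention described above ('.seccrypt' on encrypted files, a matching '.howto_seccrypt' note) can be used to scope the impact on a host during incident response. The following is an added example, not code from the original write-up: it walks a directory tree, recovers the original file names, and reports which encrypted files have a note beside them. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENC_EXT = ".seccrypt"         # appended to encrypted files (per the write-up)
NOTE_EXT = ".howto_seccrypt"  # takes its place on the per-file ransom note

def triage(root):
    """Inventory Seccrypt artifacts under root, keyed by original file path."""
    seen = defaultdict(set)  # original relative path -> {"encrypted", "note"}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # match the extensions case-insensitively
            if lower.endswith(NOTE_EXT):
                kind, stem = "note", name[:-len(NOTE_EXT)]
            elif lower.endswith(ENC_EXT):
                kind, stem = "encrypted", name[:-len(ENC_EXT)]
            else:
                continue
            if stem:  # skip a file whose whole name is just the extension
                rel = os.path.relpath(os.path.join(dirpath, stem), root)
                seen[rel].add(kind)
    report = {"paired": [], "encrypted_only": [], "note_only": []}
    for original, kinds in sorted(seen.items()):
        if kinds == {"encrypted", "note"}:
            report["paired"].append(original)
        elif kinds == {"encrypted"}:
            report["encrypted_only"].append(original)
        else:
            report["note_only"].append(original)
    return report

def make_sample_tree(root):
    """Create a constructed sample tree of empty files for the demo."""
    names = ["Picture1.jpg.seccrypt", "Picture1.jpg.howto_seccrypt",
             os.path.join("docs", "report.docx.seccrypt"),
             os.path.join("docs", "old.pdf.howto_seccrypt"), "readme.txt"]
    os.makedirs(os.path.join(root, "docs"), exist_ok=True)
    for rel in names:
        open(os.path.join(root, rel), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for status, originals in triage(tmp).items():
            print(f"{status}: {originals}")
```

The script only reads directory listings, so it leaves the encrypted files and notes untouched for later forensic work.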