Seccrypt Ransomware

A new potent malware threat named Seccrypt Ransomware has been detected by infosec researchers. Although Seccrypt is classified as a variant from the WastedLocker Ransomware family, it remains a threat that can wreak havoc on any computer it manages to infect. The threat begins its damaging operations by initiating an encryption process that can affect a wide range of file types - PDFs, MS Office docs, archives, databases, photos, audio, and video files, etc.

Each encrypted file will have '.seccrypt' appended to its name as a new extension. Victims of Seccrypt Ransomware will be provided with a ransom note containing instructions from the hackers. The note will be dropped as multiple text files depending on the total number of files encrypted on the system. For example, for a file named 'Picture1.jpg.seccrypt,' the threat will create a 'Picture1.jpg.howto_seccrypt' file that carries the ransom note.

The instructions are rather brief, simply stating that the victim's files have been encrypted with a strong algorithm and that potential backups have been either encrypted as well or outright deleted. To receive further details, victims are told to establish communication by sending a message to the '16675@PROTONMAIL.CH' email address.

The full text of the note delivered by Seccrypt Ransomware is:

'Your network has been penetrated.

All files on each host in the network have been encrypted with a strong algorythm.

Backups were either encrypted or deleted.

Do not rename or move the encrypted files.

To get the files back contact us at: 16675@PROTONMAIL.CH

Store the encryption key:'