SpartCrypt Ransomware

Most ransomware threats nowadays are simply variants of already existing threats. This is because it is far easier to borrow the code from an existing threat and tweak it slightly than build a data-locking Trojan from the ground up. However, there are still cyber crooks out there who opt to make their own file-encrypting Trojans. One of the newest data-locking Trojans that do not appear to share similarities with any of the popular ransomware families is called SpartaCrypt Ransomware.

Propagation, Encryption and the Ransom Note

The infection triggers used by the creators of the SpartaCrypt Ransomware are yet to be determined. One of the most common propagation methods used in the spreading of threats of this type is spam emails. An email that is propagating a data-locking Trojan would often contain a message riddled with social tricks designed to induce the user into opening the fraudulent attachment that contains the harmful code of the threat. However, there are numerous ways to distribute a file-encrypting Trojan, and in this case, spam emails may be just one of the methods. Regardless of how the SpartaCrypt Ransomware sneaks into one's system, its goal is simple – locate the user's data and encrypt it. The SpartaCrypt Ransomware appends a new extension to the locked files – '.SpartCrypt[LordCracker@protonmail.com]-[ID-].Encrypted.' The SpartaCrypt Ransomware drops a ransom message for the user, which will be located in two files – 'Info.hta' and 'How_To_Restore_Files.txt.' It would appear that when constructing the 'Info.hta' ransom message, the SpartaCrypt Ransomware may have been inspired by the Globe Ransomware. However, the SpartaCrypt Ransomware is not a variant of this ransomware threat, and they do not have anything else in common. The attackers have provided two email addresses where the user can contact them – ‘phabos@cock.li' or ‘lordcracker@protonmail.com.'

The Good News

However, building a ransomware threat from scratch is not for everyone, and this is probably what the authors of the SpartaCrypt Ransomware have now learned. Shortly after uncovering the SpartaCrypt Ransomware, malware researchers managed to crack the threat and develop a decryption tool, which was then released publicly for free. This means that the users who have been affected by the SpartaCrypt Ransomware and have had all their data encrypted by this nasty threat will be able to reverse the damage free of charge. It is likely that the authors of this file-encrypting Trojan will not be able to cash in on much due to the fast reaction and great skills of the cyber security experts who took it upon themselves to combat this threat.

Even if there was no free decryption tool available, it is never a good idea to contact the authors of ransomware and attempt to negotiate with them. They are not individuals who deserve your trust or your money. Most users who have opted to pay the ransom fee demanded have never received their decryption key as ransomware authors lose interest in cooperating quickly when they get the victim's money. Downloading and installing a genuine anti-virus solution is the safest way to remove a data-locking Trojan from your computer.