Threat Database Ransomware Spyro Ransomware

Spyro Ransomware

Infosec researchers have caught a new threatening malware that has been unleashed by unscrupulous hackers. The threat is named Spyro Ransomware and can cause significant damage to any computer it manages to infect. Once inside, Spyro initiates an encryption algorithm with an uncrackable cryptographic algorithm. As a result, nearly all files stored on the device will be rendered both inaccessible and unusable. The goal of cybercriminals is to then extort their victims for money. 

Spyro Ransomware's Details

After encrypting each file, the Spyro Ransomware will mark it by changing that file's name drastically. The threat appends an email address, a victim's ID number, and '.Spyro' to the original filenames. The email address is 'BlackSpyro@tutanota.com.' When the encryption process is completed, Spyro proceeds to deliver a ransom note with instructions for its victims. The message is placed inside a text file named 'Scratch.' 

The note reveals that the ransom must be paid using the Bitcoin cryptocurrency. It also instructs victims of the threat to locate a file named 'prvkey*.txt.key' that has been created on the compromised device. The specific file may have a number instead of the asterisk symbol. Once located, the file must be sent to the hackers as it is vital to the decryption process. Alongside it, users are allowed to also send a single file that is less than 1MB in size to supposedly be decrypted for free. The note concludes with a warning that tampering with the 'prvkey*.txt.key' file might lead to irreversible damage and make all the encrypted data unsalvageable. 

The full text of Spyro Ransomware's note is:

'All Your Files Has Been Encrypted

You Have to Pay to Get Your Files Back

1-Go to C:\ProgramData\ or in Your other Drives   and send us prvkey*.txt.key  file ,  *  might be a number (like this : prvkey3.txt.key)

2-You can send some file little than 1mb for Decryption test to trust us But the test File should not contain valuable data

3-Payment should be with Bitcoin

4-Changing Windows without saving prvkey.txt.key file will cause permanete Data loss

Our Email:BlackSpyro@tutanota.com

in Case of no Answer:'

Related Posts

Trending

Most Viewed

Loading...