StorageCrypter Ransomware

The StorageCrypter Ransomware is an encryption ransomware Trojan that carries out a typical version of this tactic. Threats like the StorageCrypter Ransomware are designed to make the victim's files inaccessible through the use of a strong encryption algorithm. Then the victim is ordered to pay a large ransom in exchange for the decryption key needed to restore the affected files. PC security researchers first observed the StorageCrypter Ransomware being used in attacks on November 25, 2017. PC security researchers have reported that the StorageCrypter Ransomware attacks have been targeting vulnerable My Cloud accounts, exposed online. These devices are frequently used by online content creators and small and medium businesses. Typically, the StorageCrypter Ransomware will target computer users with weak passwords or other vulnerabilities, encrypting the contents of their stored data and then demanding payment in exchange for the decryption key.

The Unsafest Storage in the World

The StorageCrypter Ransomware will target a variety of file types, generally looking for the user-generated files, which may include media files, documents, databases, archives, and a wide variety of other file types. Some of the file types that are typically targeted in ransomware attacks similar to the StorageCrypter Ransomware include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The StorageCrypter Ransomware will mark the encrypted files by attaching the file extension '.locked' to the end of each affected file's name, after using a match of the AES and RSA encryptions so that the victim's files inaccessible. The files encrypted by the attack are not recoverable without the decryption key.

Dealing with a StorageCrypter Ransomware Attack

The StorageCrypter Ransomware delivers a ransom note in the form of a text file after the encryption of the targeted files is complete. This file, named '_READ_ME_FOR_DECRYPT.txt,' is dropped in every directory where the files with the '.locked' extension are located. The StorageCrypter Ransomware delivers the following message to the victim in its ransom note:

'How to decrypt your files?
To decrypt your files, please follow the steps below
Pay 0.4 bitcoin to this address: 1HUqiacJ6F6yLwTeGwohEdgWVuehibEegq
Pay To: 1HUqiacJ6F6yLwTeGwohEdgWVuehibEegq
Amount: 0.4
After you have finished paying, Contact us and Send us your Decrypt-ID via email
Once we have confirmed your deal, we have sent you to decrypt all your files.
If you have any questions, please do not hesitate to contact us
Contact Email: JeanRenoAParis@protonmail.com
Decrypt-ID: [EDITED]'

It is clear that the StorageCrypter Ransomware is searching for high-profiled targets than the average ransomware Trojan since the ransom is close to 4,000 USD at the current exchange rate. However, PC security researchers have received reports of computer users negotiating the ransom amount down to approximately 1,400 USD successfully. In either case, the right move is to refrain from contacting the people responsible for these attacks. It is instead necessary to ensure that all data is stored securely and protected with strong passwords and other security measures, such as two-factor authentication. Computer users that have their data stored using My Cloud should make sure that they have updated and ensured that their data is safe from attacks. The best protection against the StorageCrypter Ransomware and similar threats is to have secondary backup methods that allow the restoration of the encrypted data.

SpyHunter Detects & Remove StorageCrypter Ransomware