SystemCrypter Ransomware

The SystemCrypter Ransomware is a brand-new ransomware threat that has been spotted recently. Upon further investigation, it appears that this data-locking Trojan does not belong to any of the popular ransomware families but is a separately developed threat.

Cybersecurity researchers have not been able to determine the exact infection vector used in propagating this file-encrypting Trojan, but it is very likely that the authors of the SystemCrypter Ransomware have employed spam email campaigns alongside faux software updates and infected pirated applications in spreading their creation. When the SystemCrypter Ransomware infiltrates a PC, it will begin the attack by scanning the data present on the system. The objective of this scan is to determine the locations of the files, which will be targeted for encryption. Next is the encryption process. When a file undergoes the encryption process of the SystemCrypter Ransomware, the threat will alter its name by adding a ‘.crypted’ extension. For example, if you had an audio file named ‘the-birthday-song.mp3’ after it gets locked by the SystemCrypter Ransomware its name will be changed to ‘the-birthday-song.mp3.crypted,’ and it will no longer be usable.

When the SystemCrypter Ransomware locks all the files it was programmed to target, it will display a ransom message. The ransom message is in the shape of a pop-up window titled ‘System Crypter v2.40.’ The background color of the pop-up window is dark red, often chosen by cybercriminals to instill fear and urgency in their victims and therefore make it more likely that they end up paying the ransom fee that will be required by them. In the note, the attackers offer to decrypt three files for free to prove to the victim that they have the decryption key. The requirements are that the files do not contain important information and are no larger than 1MB in size. The authors of the SystemCrypter Ransomware ask for 0.066 BTC (approximately $616 at the time of typing this article) as a ransom fee. The attackers have also included instructions on how to obtain BTC.

We advise you against paying cybercriminals in all cases. Furthermore, it is likely that the SystemCrypter Ransomware may be decryptable so that do not waste your money on paying cyber crooks for a solution, which may be available for free. It is also crucial that you download and install a reputable anti-virus software suite to ensure that you do not fall victim of a similar threat ever again.