Threat Database Ransomware WormCryptor Ransomware

WormCryptor Ransomware

By GoldSparrow in Ransomware

The WormCryptor Ransomware is an encryption ransomware Trojan that was first observed on December 17, 2018. The WormCryptor Ransomware will generally be delivered to the victims' computers via email, often in the form of Microsoft Word file attachments with embedded macro scripts. Once installed, the WormCryptor Ransomware will take the victim's files hostage and then demand payment in exchange for returning access to the victim's files.

Symptoms of a WormCryptor Ransomware Infection

The WormCryptor Ransomware is designed to target the user-generated files and encrypt them using a strong encryption algorithm. The WormCryptor Ransomware's attack targets a wide variety of user-generated files, which may include numerous documents, media files, databases, configuration files, and many other data types. Threats like the WormCryptor Ransomware may target the files specified below in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The WormCryptor Ransomware marks the targeted files with the file extension '.WORMCRYPT0R,' which will be added to the end of the affected file's name. Unfortunately, once the WormCryptor Ransomware damages a file, it will no longer be recoverable without the decryption key needed to restore the affected data. The victims of the WormCryptor Ransomware attack are asked to pay a large ransom and communicate with the criminals via email. The WormCryptor Ransomware delivers this information in a ransom note contained in a text file named 'WORMCRY.txt,' which contains the following text message and email address:

'Whooooooooooooooops! Your Files Has Be Encrypted!
Your Files Has Be Encrypted With the WormCryptor Ransomware v1
GO to
>wormcry349doai3fc.onion/getunlock
To Get Your Unlock Key!
Your Personal Key > [hexadecimal string]
Personal ID> [random characters]
Your Have Exactly 24 Hours To Pa
!@!@#!@#!#!@#!@#!@#!@#!@#!@#!@#!#!@#!@#!@#!@#!@#!@#!@#!@#!@#!@#!@#!@#!
For More Info Send Email To 0952D66CC63F1D353F45C0535AB16C7C@tor2mail.co'

PC security researchers strongly advise computer users to disregard the WormCryptor Ransomware message and avoid contacting the criminals responsible for this attack.

Protecting Your Data from Threats Like the WormCryptor Ransomware

The best protection against threats like the WormCryptor Ransomware is to have backup copies of your files. Apart from file backups, PC security researchers strongly advise computer users to install an established security program that is fully up-to-date, which can be used to intercept and remove the WormCryptor Ransomware even if it is not capable of decrypting the affected files. Unfortunately, once the WormCryptor Ransomware has encrypted the files, they are no longer recoverable, and it is highly unlikely that the criminals will respond and decrypt the files even if the payment is carried out.

Trending

Most Viewed

Loading...