
CRPTD Ransomware Tries to Deter Victims From Using Antivirus Software

A new ransomware program called CRPTD has appeared on the malware scene. Researchers warn that CRPTD ransomware is categorized as a high-severity threat, as it is designed to corrupt data and extort ransom payments from victims.

What is CRPTD Ransomware

CRPTD ransomware is a type of malware that encrypts user files and holds the victims' data for ransom in order to make a profit. This digital threat sneaks into its targets' devices and encrypts user-generated files.

Upon successful infiltration, CRPTD scans the machine for files that could be valuable to the user, such as pictures, databases, documents, spreadsheets, archives, and backups.

CRPTD uses a strong encryption algorithm to lock the data and prevent the user from accessing it.

The data encrypted by CRPTD is easily recognizable, as the ransomware modifies the file names by attaching the ".CRPTD" file extension. For example, a file named "documents.rar" will be renamed to "documents.rar.CRPTD".

Upon completing the encryption process, CRPTD will delete the volume shadow copies on the computer to make recovery impossible. It will also drop and display a ransom note called "Recover files.hta".
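
A defender-side triage sketch for the indicators described above, added here as an example and not taken from the original article or any vendor tool: it inventories files carrying the ".CRPTD" extension and directories holding the "Recover files.hta" note, so the affected names can be matched against backups. The function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = ".crptd"        # extension named in the article, compared case-insensitively
RANSOM_NOTE = "recover files.hta"  # ransom note file name named in the article


def triage(root):
    """Walk root; return {directory: {"encrypted": [names], "intact": n, "note": bool}}."""
    report = defaultdict(lambda: {"encrypted": [], "intact": 0, "note": False})
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lowered = name.lower()
            entry = report[dirpath]
            if lowered == RANSOM_NOTE:
                entry["note"] = True
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Keep the pre-encryption name so it can be looked up in backups.
                entry["encrypted"].append(name[: -len(ENCRYPTED_SUFFIX)])
            else:
                entry["intact"] += 1
    return dict(report)


def affected_dirs(report):
    """Directories holding at least one renamed file or a ransom note, sorted."""
    return sorted(d for d, e in report.items() if e["encrypted"] or e["note"])


def build_sample_tree(root):
    """Constructed sample data: harmless files that only imitate the naming pattern."""
    layout = {
        "docs": ["documents.rar.CRPTD", "budget.xlsx.crptd", "Recover files.hta"],
        "photos": ["cat.jpg"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            with open(os.path.join(root, sub, name), "wb") as fh:
                fh.write(b"constructed placeholder")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        rep = triage(tmp)
        for d in affected_dirs(rep):
            print(d, rep[d])
```

Stripping the extension only recovers the original file name for backup matching; the file contents remain encrypted.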

Ransom Demands

CRPTD will display a pop-up window, which informs the victim that their files have been encrypted.

Ransom Note Text:

Your personal ID---

Your files are encrypted!

To decrypt, follow the instructions below.

To recover data you need decrypt tool.

To get the decrypt tool you should:

Send 3 crypted test image or text file or document to badbeeteam@mail.ee

Or alternate mail badbeeteam@cock.li

In the letter include your personal ID (look at the beginning of this document). Send me this ID in your first email to me.

We will give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files.

After we send you instruction how to pay for decrypt tool and after payment you will receive a decrypt tool and instructions how to use it We can decrypt few files in quality the evidence that we have the decoder.

--------

MOST IMPORTANT!!!

Do not contact other services that promise to decrypt your files, this is fraud on their part!

They will buy a decoder from us, and you will pay more for his services.

No one, except badbeeteam@mail.ee (badbeeteam@cock.li), will decrypt your files.

--------

Only badbeeteam@mail.ee (badbeeteam@cock.li) can decrypt your files

Do not trust anyone besides badbeeteam@mail.ee (badbeeteam@cock.li)

Antivirus programs can delete this document and you can not contact us later.

Attempts to self-decrypting files will result in the loss of your data

Decoders other users are not compatible with your data, because each user's unique encryption key

The cybercriminals behind CRPTD offer decryption software in exchange for a ransom payment. The victims are instructed to contact the threat operators via email.

In a message addressed to either badbeeteam@mail.ee or badbeeteam@cock.li email address, the victim should include their personal ID stated in the ransom note. Additionally, the victim can attach up to three files that will be decrypted for free as proof that decryption is possible.

The ransom note includes a few additional warnings. Victims are advised not to trust third parties for decryption as they may fall victim to scammers.

The criminals also discourage the use of anti-virus apps. They say that such software could delete the ransom note and prevent the user from establishing communication with the threat operators.

Victims are also advised to refrain from renaming their files because such action could lead to data loss.

How CRPTD Ransomware Infects Computers

There is no evidence that CRPTD is used in brute-force attacks. Most ransomware threats are spread via mass-distribution tricks that target a broad spectrum of potential victims.

Spam campaigns 

Cybercriminals use a variety of messaging platforms to reach potential targets, including classic email messages and modern instant messaging services. They write on behalf of well-known companies and organizations and use topics that carry a sense of urgency. The criminals implement various social engineering tricks to lure their victims into interacting with malicious links and attachments that deliver malware to the victim's device.

Software activators 

Criminals take advantage of the many people who go online to look for a way to bypass paid software activation by uploading malicious app activators. These malicious tools are either presented as legitimate utilities designed to evade paid activation or as "cracked" software copies that are ready to install.

Trojans 

Trojans could also deliver ransomware as second-stage malware. While some trojans are programmed to download and install additional malware on the host device, others are remote access threats, which allow criminals to take control of the infected machine and install anything on it.

Reactionary Times News Desk
