Cryptovirological Discovery: Cr1ptT0r Ransomware

March 4, 2019 | Simeon Georgiev

Cyberspace is brimming with cryptovirological exploits due to the uninterrupted activity of ransomware operators. There are numerous such groups constantly working on new encryption scripts that can get around network security and render the expertise of ransomware removal experts useless.

Cybersecurity researchers therefore actively search the digital space for newly active strains so that they can come up with a solution for them. In the latest such hunt, a group of malware hunters has stumbled upon a new cryptovirological strain that primarily focuses on infiltrating clouds and Network Attached Storage. Researchers are still trying to figure out whether it is an altogether new script or belongs to an existing cryptovirological family.

Cr1ptT0r Operators Take a Different Extortion Approach

In the majority of ransomware attacks, perpetrators provide their cryptocurrency wallet details in the ransom note. However, Cr1ptT0r operators have devised a multifaceted plan for extortion payments. Besides providing Bitcoin addresses in the note, they also offer victims the option of buying the decrypter key from OpenBazaar, an open-source, decentralized portal for e-commerce transactions.

To prove that they have a complete, legitimate decryption solution for the infection, they provide free decryption of one file. Moreover, affected users are not bound to buy the entire decryption; they can also contact the attackers to decrypt individual files. The ransom for individual files depends on the type and size of the file. Instead of giving email addresses, Cr1ptT0r operators have provided an instant messaging app ID for further correspondence.

Ransomware removal experts are of the opinion that Cr1ptT0r uses a combination of AES and RSA encryption to lock down the files on targeted devices. Decryption experts consider this mixed encryption one of the most difficult to overcome, since every combination of AES and RSA can only be unlocked through a unique decrypter.

Cr1ptT0r's operators have finished the note in language reminiscent of corporate representatives talking to their clients. They assure victims of fast and responsive ‘customer support’ and also guarantee complete decryption after full payment.

Experts have found that Cr1ptT0r operators use two payload delivery methods: they break into a digital environment either through poorly secured Remote Desktop Protocol (RDP) access or through intelligently crafted phishing emails.

Don’t try to streamline your organizational operations through RDP where internet security is not properly taken care of. By saving a few dollars on RDP, you can end up incurring business losses worth thousands of dollars.

Moreover, train your staff on the social engineering tactics that cryptovirological operators use to devise phishing emails. Keep in mind that the majority of cyber attacks succeed due to human error.
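As an added illustration of watching an exposed RDP service (this code is not part of the original article), the sketch below flags source addresses that produce a burst of failed remote logons and notes whether a successful logon follows. Event IDs 4625 and 4624 and logon types 3 and 10 are the standard Windows Security log values; the comma-separated record layout, addresses, accounts and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not from a real host):
# time, Windows Security event ID, LogonType, source IP, account
SAMPLE_EVENTS = """\
2019-03-04T02:10:01,4625,3,203.0.113.50,administrator
2019-03-04T02:10:03,4625,3,203.0.113.50,admin
2019-03-04T02:10:05,4625,3,203.0.113.50,backup
2019-03-04T02:10:08,4625,10,203.0.113.50,nasadmin
2019-03-04T02:10:11,4625,3,203.0.113.50,nasadmin
2019-03-04T02:10:15,4624,10,203.0.113.50,nasadmin
2019-03-04T09:00:00,4625,10,198.51.100.7,alice
2019-03-04T09:00:20,4624,10,198.51.100.7,alice
"""

FAILED, SUCCESS = 4625, 4624   # failed logon / successful logon
REMOTE_TYPES = {3, 10}         # 3 = Network (RDP with NLA), 10 = RemoteInteractive

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: finding} for IPs with >= threshold failures inside the window."""
    recent = defaultdict(deque)  # src_ip -> timestamps of recent failed logons
    findings = {}
    for line in text.strip().splitlines():
        ts, event_id, logon_type, src, user = line.split(",")
        ts, event_id, logon_type = datetime.fromisoformat(ts), int(event_id), int(logon_type)
        if logon_type not in REMOTE_TYPES:
            continue
        q = recent[src]
        while q and ts - q[0] > window:
            q.popleft()          # drop failures that have aged out of the window
        if event_id == FAILED:
            q.append(ts)
            if len(q) >= threshold:
                entry = findings.setdefault(src, {"failures": 0, "success_account": None})
                entry["failures"] = max(entry["failures"], len(q))
        elif event_id == SUCCESS and src in findings and q:
            # A logon straight after a failure burst suggests a guessed password.
            findings[src]["success_account"] = user
    return findings

if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, finding)
```

A single mistyped password followed by a normal logon, as in the second constructed address, stays below the threshold and is not reported.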

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]