DiskCryptor as Part of Ransomware Component

November 13, 2018 | Simeon Georgiev

Recently, a new ransomware surfaced. Its modus operandi includes installing DiskCryptor on the victim’s computer, after which the computer reboots. Instead of their regular screens, users are then met with a ransom note that acknowledges the hack and demands money for ransomware removal.

DiskCryptor is a common program that is often used for encryption. It encrypts the entire disk, locking all the data stored on it. After the encryption, the computer reboots and users are greeted with a password prompt. This password is not linked to the user’s personal PC password; it is a decryption key held only by the cybercriminals. Without typing the correct password, it is not possible to bypass the screen and access the computer.

Experts believe that the ransomware is run manually, though sometimes it is invoked by a separate script that supplies an argument to the DiskCryptor program, with the ransom passed as that argument. Some experts have also raised the possibility that the ransomware propagates through the exploitation of Remote Desktop Services.

When the ransomware runs, it generates a log file at C:\Users\Public\myLog.txt. This file records the progress of the encryption. After the ransomware succeeds in encrypting the entire hard disk, it reboots the computer and victims are greeted with the ransom note. An email address, [email protected], is provided for contact, through which the cybercriminals explain how to pay in exchange for ransomware removal in the form of the decryption password.
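The interval between DiskCryptor appearing on a host and the forced reboot is the point at which this activity can still be caught. The following is an added example, not part of the original article, that correlates two signals per host: creation of C:\Users\Public\myLog.txt and DiskCryptor activity. The event schema, the `dcrypt`/`diskcryptor` file-name hints, the 24-hour window and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

LOG_INDICATOR = r"c:\users\public\mylog.txt"   # path reported in the article
DISKCRYPTOR_HINTS = ("diskcryptor", "dcrypt")  # assumption: substrings of DiskCryptor file names
WINDOW = timedelta(hours=24)                   # assumption: correlation window

# Constructed sample events in a hypothetical, EDR-like schema.
SAMPLE_EVENTS = [
    {"host": "ws-01", "time": "2018-11-12T09:00:00", "type": "driver_load", "path": r"C:\Windows\System32\drivers\dcrypt.sys"},
    {"host": "ws-01", "time": "2018-11-12T09:02:10", "type": "file_create", "path": r"C:\Users\Public\myLog.txt"},
    {"host": "ws-02", "time": "2018-11-12T10:00:00", "type": "process_create", "path": r"C:\Program Files\dcrypt\dcrypt.exe"},
    {"host": "ws-03", "time": "2018-11-12T11:00:00", "type": "file_create", "path": r"C:\Users\Public\Documents\myLog.txt"},
]

def _norm(path):
    # Windows paths are case-insensitive and may use either slash.
    return ntpath.normpath(path).lower()

def _is_log_write(ev):
    return ev["type"] == "file_create" and _norm(ev["path"]) == LOG_INDICATOR

def _is_diskcryptor(ev):
    if ev["type"] not in ("process_create", "driver_load", "service_install"):
        return False
    return any(h in ntpath.basename(_norm(ev["path"])) for h in DISKCRYPTOR_HINTS)

def triage(events):
    """Return {host: 'high' | 'review'} for hosts showing either signal."""
    seen = defaultdict(lambda: {"log": [], "dc": []})
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        if _is_log_write(ev):
            seen[ev["host"]]["log"].append(ts)
        elif _is_diskcryptor(ev):
            seen[ev["host"]]["dc"].append(ts)
    result = {}
    for host, s in seen.items():
        # Both signals close together match the reported behaviour.
        if any(abs(a - b) <= WINDOW for a in s["log"] for b in s["dc"]):
            result[host] = "high"
        else:
            # One signal alone: DiskCryptor is a legitimate tool and the
            # log file name is generic, so send the host for manual review.
            result[host] = "review"
    return result
```

A host rated `high` should be isolated before it reboots, since the article describes the disk as locked behind the attackers' password after the restart.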

The idea of using DiskCryptor in ransomware campaigns originated in 2016, when a ransomware known as HDDCryptor utilized DiskCryptor to extort money.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]