Name |
Cryptinfinite or Decryptor Max |
Type |
Crypto-Ransomware |
Encryption Type |
AES-256 and RSA encryption |
Short Description |
This ransomware encrypts the victim's files and appends the .Crypt, .pzdc extensions to each encrypted file. It replaces the victim's desktop wallpaper with an image containing a message that explains how the ransom must be paid to receive the key for the encrypted files. |
Symptoms |
If the computer is infected, the desktop of the infected device displays a red wallpaper (readdecryptfules.png). |
Distribution Method |
Spam email, compromised websites. |
Image |
This note is displayed on the victim's desktop
|
More Details |
This ransomware targets all versions of Windows and uses AES-256 and RSA encryption. It is spread through spam emails and compromised websites. If the victim clicks on the spam email attachment, the ransomware enters the victim's device. Once on the device, it first creates an executable file with a random name in %appdata% (sometimes in the Local AppData folder instead). This is done to make sure that the ransomware runs each time the system is rebooted, which makes the infection more persistent. Next, it scans the infected device for specific files; some of the specific files targeted by this ransomware are given in the following. The targeted files are then encrypted using the RSA and AES algorithms, and the extension of each encrypted file is changed to .crinf, followed by the normal extension. Encrypted files can no longer be opened. The ransomware creates a ReadDecryptFilesHere.txt file in every folder that contains encrypted files. This .txt file explains how to decrypt the encrypted files and the steps to follow. Once encryption is complete, the ransomware deletes the shadow volume copies of the files so that the victim cannot restore the encrypted files. The ransom is supposed to be paid within 24 hours. If the ransom is not paid within the next 7 days, the encrypted files cannot be accessed in the future. These are some of the files targeted by this ransomware for encryption.
|
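The on-disk indicators described above (the ReadDecryptFilesHere.txt note, the .crinf, .Crypt and .pzdc markers, and an executable dropped in %appdata%) can be checked with a read-only triage script. This is an added example, not part of the original page; the function names are illustrative, and accepting the marker in either of the last two suffix positions is an assumption.

```python
import os
import sys
from pathlib import Path

# Indicators named in the description above (compared case-insensitively).
NOTE_NAME = "readdecryptfileshere.txt"
MARKERS = {".crinf", ".crypt", ".pzdc"}

def classify(filename):
    """Return 'note', 'encrypted' or None for a single file name."""
    name = Path(filename).name.lower()
    if name == NOTE_NAME:
        return "note"
    # Assumption: the marker is the last suffix or sits just before the
    # normal extension, since the page describes both placements.
    if MARKERS.intersection(Path(name).suffixes[-2:]):
        return "encrypted"
    return None

def scan(root):
    """Walk root (read-only) and return {folder: {'note': bool, 'encrypted': [...]}}."""
    hits = {}
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in sorted(files):
            kind = classify(fname)
            if kind is None:
                continue
            entry = hits.setdefault(folder, {"note": False, "encrypted": []})
            if kind == "note":
                entry["note"] = True
            else:
                entry["encrypted"].append(fname)
    return hits

def startup_candidates(appdata_dir):
    """List .exe files sitting directly in an AppData folder, for manual review."""
    folder = Path(appdata_dir)
    if not folder.is_dir():
        return []
    return sorted(p.name for p in folder.iterdir()
                  if p.is_file() and p.suffix.lower() == ".exe")

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else str(Path.home())
    for folder, info in scan(root).items():
        note = "note present" if info["note"] else "no note"
        print(f"{folder}: {len(info['encrypted'])} marked file(s), {note}")
    for var in ("APPDATA", "LOCALAPPDATA"):  # unset outside Windows
        if os.environ.get(var):
            print(var, startup_candidates(os.environ[var]))
```

A folder that holds both the note and marked files is the strongest match; the executable list is only a starting point for review, since legitimate software can also place .exe files in AppData.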