Crypt malware – How it has been affecting Melbournians


Crypt is ransomware developed by the Dharma ransomware group. One of its most distinctive features is that it does not need to contact a command-and-control (C&C) server in order to work. Instead, it carries a single hardcoded encryption key, uses it to encrypt the files on your computer, and later uploads that key, paired with the encrypted files, to the attackers' servers so that you can never decrypt those files again.

In addition, the ransomware encrypts every file in your Desktop and Documents folders. Crypt also scans the programs installed on your computer for data files it can encrypt, as well as anything saved on secondary storage media, such as external hard drives or USB flash drives, that are plugged into your computer.

What does it do?

Once it has infected a computer, it encrypts certain files using asymmetric encryption with a 2048-bit RSA key pair. After your files are encrypted, Crypt creates a text file on your Desktop called “READ_ME_TO_DECRYPT.txt” with instructions on how to pay the ransom so you can decrypt those precious family pictures or work-related documents you thought were lost forever.

Unfortunately, once your files are encrypted you probably won’t be able to decrypt them without paying the ransom or restoring them from a backup you set up before your network got infected. This is where backups come in handy! So before you send in the money to get your files back, it’s best to try to restore them from your backups.

Here’s the twist: instead of simply paying for the decryption key, as most ransomware demands, Crypt requires victims to pay a huge sum of money, typically $300 to $1000, in order to decrypt their files within 96 hours (3 days). After the ransom is paid, the ransomware operators send an email with instructions on how to get your files back.

How does the Crypt malware spread?

Crypt is distributed via infected files or attachments in spam emails sent between Melbourne users. Although this virus mostly relies on users opening these malicious attachments, hackers have also been known to exploit vulnerabilities in Windows and other software to deliver Crypt ransomware. So, be careful before you open that PDF file from an unknown sender! Also be cautious about torrent websites, because some host malicious files that can infect your devices.

What are the symptoms of Crypt ransomware?

Crypt ransomware typically targets all versions of Windows. It encrypts documents, music files, photos, videos and just about any other type of file on your computer that it can get its hands on. Once your files have been encrypted by this ransomware, you may be tempted to open them as you normally would. If you do, the virus will automatically encrypt those new files as well.
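The two indicators the article names, the READ_ME_TO_DECRYPT.txt note dropped on the Desktop and encrypted files in the Desktop and Documents folders, can be checked for in a quick triage script. The following is an added example, not code from the original article; the folder layout and sample files it builds are constructed for the demo, and the entropy cut-off is an assumed value.

```python
"""Triage helper for the Crypt indicators described above (added example).
Looks for the READ_ME_TO_DECRYPT.txt ransom note and for files in the folders the
article says Crypt targets whose byte entropy is near 8 bits/byte, which is how
encrypted output looks. Sample data below is constructed for the demo."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

RANSOM_NOTE = "READ_ME_TO_DECRYPT.txt"    # filename stated in the article
TARGET_DIRS = ("Desktop", "Documents")     # folders the article says Crypt encrypts
ENTROPY_THRESHOLD = 7.5                    # bits/byte; assumed cut-off, plain text sits far lower

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or single-valued input, 8.0 max."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_profile(profile: Path, sample_bytes: int = 65536) -> dict:
    """Return ransom-note paths and high-entropy file paths under one user profile."""
    notes, suspicious = [], []
    for folder in TARGET_DIRS:
        base = profile / folder
        if not base.is_dir():
            continue
        for path in sorted(base.rglob("*")):
            if not path.is_file():
                continue
            if path.name == RANSOM_NOTE:
                notes.append(str(path))
                continue
            with path.open("rb") as fh:
                head = fh.read(sample_bytes)   # first 64 KiB is enough to judge
            # Caveat: compressed formats (jpg, zip, docx, pdf streams) also score high,
            # so treat hits as leads to inspect, not proof of encryption.
            if len(head) >= 256 and shannon_entropy(head) >= ENTROPY_THRESHOLD:
                suspicious.append(str(path))
    return {"ransom_notes": notes, "high_entropy_files": suspicious}

def build_demo_profile() -> Path:
    """Constructed sample profile: one readable document, one random-byte blob, one note."""
    profile = Path(tempfile.mkdtemp())
    (profile / "Desktop").mkdir()
    (profile / "Documents").mkdir()
    (profile / "Documents" / "budget.txt").write_text("quarterly budget\n" * 200)
    # Random bytes stand in for a file the ransomware has already encrypted.
    (profile / "Documents" / "tax_return.pdf").write_bytes(os.urandom(8192))
    (profile / "Desktop" / RANSOM_NOTE).write_text("pay to decrypt")
    return profile

if __name__ == "__main__":
    print(triage_profile(build_demo_profile()))
```

On a real machine, point `triage_profile` at each folder under `C:\Users` (the profile layout is assumed to match the default Windows one) and review any hits by hand.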



What should I do if my computer has been infected with Crypt malware?

1. Isolate the device from the internet.

The easiest way to disconnect a computer from the internet is to unplug its network cable, but you can also disable the wireless card. Without internet access, Crypto ransomware cannot spread. The next step is to identify which variant of Crypto ransomware infected your device and, more importantly, how it was delivered to you. If you find that the infection came through an email attachment or a malicious link in an email, check the last few emails sent and received.
Most Crypto ransomware infections are delivered through phishing campaigns or drive-by downloads.

2. Use a backup to restore your files

Unfortunately, there is no free decryption key available for this ransomware, and paying does not guarantee that your files will be unlocked. So your best bet is to use a data backup service to restore your files. This not only ensures you don’t lose any documents but also saves you time and energy.
However, it is important to make sure that the backup service encrypts your data before uploading it. Otherwise, you might be putting yourself at risk by uploading encrypted versions of your files that can only be unlocked by the cyber criminals holding the key.
If you aren’t backing up your data, now is a good time to start. It is never too early, or too late, for this step. Online backup services like OneDrive and Google Drive can automatically back up all of your files and documents. We’ve already written a good article about the advantages of online backups.

3. Get in touch with a local computer technician

Malware is often hard to remove, so contacting a local computer technician is the best course of action for ridding your computer of Crypto ransomware. If you are not tech savvy at all, it is advisable to take the device to your preferred computer technician instead of trying to remove the infection on your own. Our technicians provide computer repairs to Melbourne homes and businesses and can help with Crypt ransomware removal, computer security and data recovery.

If you are a bit tech savvy, read on:

If your device is already infected with the Crypt ransomware, there are a few ways you could potentially get rid of it. If you follow our advice and scan for malware using Windows Defender, it may detect and remove the Crypt ransomware. Other reputable internet security products, such as Kaspersky or Trend Micro, can also help in these situations.
If these tools cannot get rid of the infection, or if you’d like a second look at it, do give us a call.

Here are some steps you can take to protect yourself from Crypt ransomware:

1. Only install apps from an official source
2. Make sure all of your software and operating systems are up-to-date
3. Back up your files regularly and to an external device that is not attached to the computer
4. Don’t open attachments from unknown people and email addresses
5. Only visit websites you trust and avoid downloads from suspicious websites
6. Since Crypt ransomware attacks rely on social engineering, it’s important that we educate ourselves on how hackers trick their victims
7. Hackers often pose as representatives of legitimate companies in an attempt to get users to provide information that could be used to access or damage their computer, including passwords and credit card details. They might also link their victims to malicious websites in an effort to infect them with malware, ransomware like Crypt, or other threats.
8. You should never trust unsolicited phone calls, emails, or other messages that ask you for your personal information or refer you to a web page asking for personal information.
9. Always use legitimate software to avoid ransomware and other kinds of malware
10. As cybercriminals continue to innovate, so must your approach to security. Usually, this means keeping software patched and up-to-date as well as using a reputable internet security product such as Windows Defender or, if you would like to sleep better at night, Kaspersky, which we recommend.

I am a computer engineer holding a bachelor's degree in Computer Science, complemented by a Master's in Business Administration from University of Strathclyde, Scotland. I currently work as a Senior IT Consultant in Melbourne, Australia. With over 15 years of...