Best Security Search
Ransomware

New CryptoCat Ransomware Virus Attacks Computers

CryptoCat is the catchy name of a dangerous ransomware virus. The virus infects computers, encrypts all their important files and demands payment for their decryption. CryptoCat claims that it uses the RSA-2048 encryption. All encrypted files have the “.cryptocat” extension.

More Information About the CryptoCat Ransomware Virus

The virus is distributed through emails and infected attachments. The crooks behind the virus launch spam campaigns, sending a large amount of infected emails to unsuspecting users. These emails often contain attachments that are infected. Once opened, these attachments start a malicious JavaScript that tweaks the PC and allows the virus to further damage the computer.

CryptoCat Ransomware Virus – Technical Details

The CryptoCat ransomware virus is made for one specific purpose – to extort money out of its victims. The crooks that developed the virus promise that they’ll decrypt all files that were locked if they get paid. The price rate of decryption is 1.6 BitCoin, about $850 or €800.

Once the virus infects the system, it starts looking for particular file types to encrypt. Ransomware target video files, photos, music, documents. You’ll know that your files were encrypted by CryptoCat if they have the “.cryptocat” extension at the end of their name.

CryptoCat also drops a ransomware note on the infected computer in the forms of a .txt files named “Your files are locked !.txt

The Note Contains The Following Text :

Your files are locked !.txt – BROKHOT
(Darin Elpasto cDopmaT Boa Cnpaska
Olt
https://abs.twimg.com/emoji/v2/72×72/1f431.png
Support e-mail: [email protected] [email protected]
Your personal files encryption produced on this computer: photos, videos, documents, etc. Encryption was produced using a unique public key RSA-2048 generated for this computer.
To decrypt files you need to obtain the private key.
The single copy of the private key, which will allow to decrypt the files, located on a secret server on the Internet; the server will destroy the key after 168 hours.
After that nobody and never will be able to restore files.
To obtain the private key for this computer, you need pay 1.45 Bitcoin (-611 USD)
Your Bitcoin address:I 1DoW7ifYKAsGvBzCQR5nvdgt3qcc7M15Do You must send 1.45 Bitcoin to the specified address and report it to e-mail customer support.
In the letter must specify your Bitcoin address to which the payment was made.

Here’s a Picture of the Note:

cryptocat-ransomware-virus-bestsecuritysearch

CryptoCat Ransomware Virus – Conclusion

This particular ransomware virus isn’t as dangerous as say Cerber3 or Locky, but it still poses a serious threat to the users who contracted it. If you’re among them, be sure to remove it using an anti-malware tool. As of now, there’s no decryptor tool released.

Alex Dimchev

Alex Dimchev is a beat writer for Best Security Search. When he's not busy researching cyber-security matters, he enjoys sports and writing about himself in third person.