New Ransomware Demands Ransom in Bitcoins to Get Your Files Back
With a new year comes new challenges, new hopes, new resolutions, and of course, new ransomware. The newest discovered ransomware called Cryptojoker proves to be anything but amusing to its victims, and although it doesn’t appear to have been widely distributed as of yet, it is an entirely functional ransomware that could see increased distribution in the future.
Beware of unknown emails
IT security experts cannot stress enough how important it is NOT to open emails from unknown sources, but sometimes, the curiosity of these mystery emails is just too much for us to resist. That being said, it is thought that because this ransomware is being disguised as a PDF file, it is more than likely that CryptoJoker is being distributed via email phishing campaign, and you can bet that the subject is not “the PDF file attached to this email is just ransomware in disguise”. Unfortunately, these cybercriminals are a lot smarter than that.
How it works
CryptoJoker uses AES-256 encryption that demands a ransom in bitcoins to get your files back, and once the installer is executed, it will download or generate several executables in the%APPData% folder and %TEMP% folder. Each of these files will perform several tasks that include:
- Sending your information to the Command and Control server
- Polling for active Regedit or Taskmgr processes and terminating them
- Ensuring that the lock screen remains visibly located on the top of other active Windows
As soon as CryptoJoker encrypts your data, it will scan all of your drives. This includes mapped network drives on your computer for files with certain extensions. When it finds targeted extensions, it will encrypt the file and change the filename so it has a ‘.crjoker’ extension appended to it. For example, Vacatio.jpg would become Vacation.jpg.crjoker.
While CryptoJoker is encrypting your data, it will also send your information to the Command & Control server located at server6.thcservers.com. This information includes the date, your hostname, username, and machine name.
Currently, there is not a known free method to decrypt files that have been encrypted by CryptoJoker. You must simply keep all of your files backed up and ready to recover, in order to avoid losing access and having to pay the ransom fee.
Contact CTECH Consulting Group at (403) 457-1478 or send us an email at info@ctechgroup.net to find out about our managed IT services. We’ll keep all of your files safe against any type of malware.
My passion is to make my mark on the world in a positive and lasting way. I want to set an example for my son that his father can compete with integrity in today’s world, be very successful, and leave the world a better place for him.
Combining my technical/business-based education with a long career steadily progressing up the corporate ladder, I decided to build a company that held true to my values. So, I founded and designed the next generation of IT support firm: CTECH Consulting Group Inc. We are a completely automated, cloud-based IT company designed to compete against any other IT firm without the overhead. We promote a lifestyle to all our staff where they can work anywhere, at any time, access any information on any device that is relevant to their job, and collaborate with anyone they want to.
What Is Your IT Company Doing For You?
Find Out Why Hundreds Of Business Professionals Trust CTECH For Their Technology Solutions.
CTECH Consulting Group provides...
- A detailed analysis of your current IT company and the work they are doing for you
- An action plan to address operational any or all issues
- A detailed budget and project plan
Get the clarity your organization needs to get your IT back on track. Completely risk-free, with no-obligation.