New ransomware spotted using DiskCryptor

News by Robert Abel

A new ransomware was discovered installing DiskCryptor on the infected computer and rebooting the infected device to reveal a customised ransom letter.

A new ransomware was discovered installing DiskCryptor on the infected computer and rebooting the infected device to reveal a customised ransom letter.

MalwareHunter Team researchers discovered the malware which used DiskCryptor, an encryption program that encrypts the whole disk and then prompts the user to enter a password on reboot, and noted that it is being run manually or called by another script as it requires an argument to be passed to the program, according to a 5 November Bleeping Computer blog post.

"Once the entire drive has been encrypted, it will reboot the computer and the victim will be shown a ransom note to contact mcrypt2018@yandex.com for payment instructions," researchers said. "It will then sit there waiting for the user to enter the decryption password."

In order to prevent infections, researchers recommend users backup their systems, not open suspicious attachments, scan attachments for malware before opening, ensure all systems are updated, and use strong passwords.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events