Win32/Crowti ransomware is on the rise

News by Ava Fedorov

The Microsoft Malware Protection Centre (MMPC) announced this week a sudden increase in the number of threat detections involving the Win32/Crowti ransomware. As is typical of most ransomware, Crowti is distributed via spam email campaigns containing infected ZIP archive attachments or malicious links. However, MMPC research shows that Crowti is also distributed via exploit kits that target Java and Flash vulnerabilities. Additionally, this malware has been known to piggy-back on other malware such as Upatre, Zbot and Zemot, according to the MMPC report.

As with other ransomware, Crowti encrypts all files on the infected PC and demands payment in bitcoin to restore them. Paying the ransom rarely results in restoration, so the best strategy against Crowti and other ransomware is to take proper security precautions that reduce exposure to attack. The MMPC recommends vigilant backing up of hard drives and keeping software and applications up to date, especially those associated with Java and Flash.
