A sudden increase in the number of threat detections involving the Win32/Crowti ransomware was announced this week by the Microsoft Malware Protection Centre (MMPC). Like most ransomware, Crowti is distributed via spam email campaigns containing infected zip-archive attachments or malicious links. However, MMPC research shows that Crowti is also distributed via exploit kits that exploit Java and Flash vulnerabilities. Additionally, according to the MMPC report, this malware has been known to piggy-back on other malware such as Upatre, Zbot and Zemot.
As with other ransomware, Crowti encrypts all files on the infected PC and demands a bitcoin payment to restore them. Paying the ransom rarely results in restoration, so the best strategy for avoiding Crowti and other ransomware is to take proper security precautions that reduce vulnerability and prevent attack. The MMPC recommends vigilant backing up of hard drives and keeping software and applications up to date, especially those associated with Java and Flash.