Crowti
Posted: October 31, 2014
Threat Metric
The fields shown on the Threat Meter are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for the Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Ranking: 10,980
Threat Level: 1/10
Infected PCs: 1,623
First Seen: October 31, 2014
Last Seen: October 4, 2023
OS(es) Affected: Windows
Crowti, also identified as CryptoWall, is a family of file-encrypting Trojans. Files on infected PCs are modified to make them unreadable, after which a ransom message is displayed demanding payment for a file-restoring service. As with other ransomware, paying does not guarantee that your data will be decrypted, and malware researchers find that removing Crowti with anti-malware products, without making payments to third parties, is the safest strategy.
The Crow that's Flying Away with Your Files
Trojans that encrypt an infected machine's files are one of the most invasive and thorough ways for third parties to hold a compromised PC hostage. Crowti, while previously examined, is a family of just such Trojans that has seen renewed activity, both in circulation and in the number of variants available. Recent analyses confirmed by malware experts point to over eighty separate versions of the Crowti Trojans, all of which were in distribution as of this month. The most often-targeted country was the United States, with individual attacks estimated at slightly over 85,000. Other regions, such as Japan and the UK, have also been targeted, although in much smaller numbers than the US.
After completing its installation, Crowti encrypts files according to their types, targeting JPGs, Word documents and other, equally popular file types. The encryption prevents the infected PC from reading the affected files, after which Crowti displays a ransom message. The perpetrators of the attack recommend using a digital currency and the Onion Router (an anonymity-enabling service) to facilitate the payment, claiming that your files will be decrypted afterward.
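A triage check for the effect described above, useful for finding which files were hit or for confirming a backup copy is still readable before relying on it. This is an added example, not code from the original page or from any vendor tool: it flags files whose extension says JPG or Word document but whose header is gone and whose bytes look random. The entropy threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading bytes expected for the file types the article names (JPGs, Word documents).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound file
    ".docx": (b"PK\x03\x04",),  # ZIP container
}
ENTROPY_THRESHOLD = 7.2  # assumed cut-off in bits per byte; tune per environment

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random, which ciphertext approaches."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def classify(path: str, sample_size: int = 65536) -> str:
    """Return 'ok', 'suspect' (header gone, high entropy), 'damaged' or 'skipped'."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return "skipped"
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if head.startswith(MAGIC[ext]):
        return "ok"
    return "suspect" if shannon_entropy(head) >= ENTROPY_THRESHOLD else "damaged"

def scan(root: str) -> dict:
    """Map every checked file under root to its classification."""
    paths = (os.path.join(d, f) for d, _sub, files in os.walk(root) for f in files)
    return {p: v for p in paths if (v := classify(p)) != "skipped"}

def demo() -> dict:
    """Constructed samples: intact JPG header, pseudo-random bytes, mislabeled text."""
    noise = b"".join(hashlib.sha256(bytes([i % 256, i // 256])).digest() for i in range(2048))
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + bytes(4096),
        "report.docx": noise,
        "notes.doc": b"plain text saved with the wrong extension\n" * 100,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return {os.path.basename(p): v for p, v in scan(tmp).items()}
```

A file that keeps its original header passes this check, so a clean result is a quick triage signal rather than proof that a file is intact.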
Telling a File-Ransoming Trojan to Eat Crow
Although free decryption tools for threats like Crowti may be hard to come by, malware researchers note that good file backup practices may effectively neutralize Crowti's immediate attacks. Backups stored on remote devices are the simplest way of protecting your files, although you should also take care that Crowti does not infect any devices attached to an infected PC. Anti-malware scanners are also dependable tools for uninstalling Crowti and removing its ransom message from your computer. Nonetheless, keeping all security programs updated may be needed to have a serious chance of identifying Crowti or other, equally diverse Trojan families.
Crowti's distribution methods are as flexible as the individual variants of this Trojan. Some of the most popular techniques for installing Crowti include e-mail spam with mislabeled file attachments and hacked websites that redirect to exploit kits and software vulnerabilities. The former may be identified as fraudulent business notifications. Meanwhile, the latter may be hampered by PC users who keep their software updated, particularly with respect to often-targeted platforms. Among these platforms, malware experts would include JavaScript, Flash, Adobe Reader and Microsoft Office.