
CryptoHasYou Ransomware

Posted: March 30, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 69
First Seen: March 30, 2016
OS(es) Affected: Windows


The CryptoHasYou Ransomware is a Trojan that holds the data on your PC hostage by encrypting it, thereby forcing its victims to buy a decryption service from a fraudster. Because these transactions have no legal protection or backing, the con artist may not necessarily provide the promised decryptor, or even be capable of doing so. By keeping backups of your important files, you can recover them without decryption access, and by using anti-malware tools routinely, you can identify or remove the CryptoHasYou Ransomware, when appropriate.

The New Malware that Has You (or Your Files)

For many con artists, the easiest way to get money is simply to ask for it by creating circumstances that compel obedience. File-encrypting Trojans can be thought of as a more polite form of threatened violence or blackmail, with typical consequences including being barred from your possessions and data. As an example, malware experts might point to the CryptoHasYou Ransomware, a recent threat most likely created as a clone of previously available ransomware kits.

The CryptoHasYou Ransomware arrives by such means as website-embedded exploits or installers hidden inside of e-mail attachments. The CryptoHasYou Ransomware then scans your computer for specific file types not required by Windows. These types include, but aren't limited to, INI (a text-based program initialization file), WSD (WordStar text documents) or PDB (a Microsoft-developed program database). Files matching the CryptoHasYou Ransomware's criteria are encrypted with an AES-256 cipher. Once they're encrypted, these files can't be opened or read, and must be replaced or decrypted by a compatible decryption application.

Malware experts have yet to see any functional decryptors for the CryptoHasYou Ransomware being made available to the public. Victims can speed up the development of such counter responses by delivering samples to relevant anti-malware organizations when requested.

After its encryption attack, the CryptoHasYou Ransomware also creates image and text files corresponding to ransom messages. Besides selling a decryption service with a supposedly infection-specific key, these messages claim that prices will rise over time. Accordingly, the PC user is pressured into paying as quickly as possible, without taking the time to consider the potential consequences.

Beating the Clock on a Digital Hostage Crisis

You can determine which files the CryptoHasYou Ransomware harms by searching for the '.the CryptoHasYou' or '.enc' extensions. These extensions have no impact on the encryption process and are only useful for identification purposes. The CryptoHasYou Ransomware's con artists do offer a 'trial' decryption service that decrypts individual files free of charge, which offers a limited means of data recovery. However, PC owners keeping their data safe in Web storage or USB devices should never need to decrypt any of their held-for-ransom files.
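The extension search described above can be scripted for triage. The following is an added example, not code from this page or from any vendor tool: it inventories files carrying the two extensions quoted here and, going one step beyond the page, measures byte entropy so that an unrelated file that merely happens to end in '.enc' is not counted as encrypted. The 7.5 bits-per-byte threshold, the function names and the sample files are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions quoted on this page; matching is case-insensitive.
MARKER_SUFFIXES = (".the cryptohasyou", ".enc")
ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits per byte; tune for your data


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage(root, sample_bytes=65536):
    """Return (path, entropy, likely_encrypted) for every marker-named file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER_SUFFIXES):
                continue
            path = Path(dirpath) / name
            try:
                with open(path, "rb") as fh:
                    entropy = shannon_entropy(fh.read(sample_bytes))
            except OSError:
                continue  # locked or unreadable file: skip, do not abort the sweep
            findings.append((str(path), round(entropy, 2), entropy >= ENTROPY_THRESHOLD))
    return sorted(findings)


def demo():
    """Constructed sample tree: one random-looking file, one benign text file."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "report.pdb.enc").write_bytes(os.urandom(65536))
        (Path(tmp) / "notes.enc").write_bytes(b"plain text config\n" * 500)
        (Path(tmp) / "untouched.ini").write_bytes(b"[section]\nkey=value\n")
        return [(Path(p).name, flag) for p, _e, flag in triage(tmp)]


if __name__ == "__main__":
    for name, flag in demo():
        print(f"{name}: {'likely encrypted' if flag else 'named like a target, low entropy'}")
```

Compressed archives and media files also have high entropy, so the flag is a triage hint for deciding what to restore from backup, not proof of encryption.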

The CryptoHasYou Ransomware campaign is only one of many using the proven principles of threatening data encryption for extracting ransoms from NGOs, governments, businesses and other entities. Uninstalling the CryptoHasYou Ransomware, and other threats that may assist with its installation, should always include scanning the compromised PC with anti-malware products. However, preventing a CryptoHasYou Ransomware infection is still the safest course of action for your saved data. Based on past incidents, malware experts stress network and e-mail security protocols, which are likely to be useful in limiting the CryptoHasYou Ransomware's future movements.
