Home Malware Programs Ransomware CryptoHost Ransomware

CryptoHost Ransomware

Posted: April 11, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 45
First Seen: April 11, 2016
OS(es) Affected: Windows

The CryptoHost Ransomware is a Trojan that holds your files hostage by compressing them into an archive file and then generating a password to block you from decompressing the data. Like other ransomware, the CryptoHost Ransomware also includes ransom messages demanding money in exchange for restoring your files. Numerous PC users should be able to use any of multiple, free methods of digital content restoration without paying this fee, although they always should disable and delete the CryptoHost Ransomware first.

A RAR File Playing Host to a Hard Drive Hostage Crisis

Evolving techniques in PC ransomware strategies have taken various courses in the past few years, ranging from blocking the victim's desktop to blocking particular files or programs. Although recent threats typically operate under a well-established tactic of encrypting files directly, the CryptoHost Ransomware uses a somewhat different method to accomplish the same, ransom-oriented goal. Instead of encrypting files on an individual basis, malware experts find the CryptoHost Ransomware moving data to a password-protected location.

The CryptoHost Ransomware, also identifiable by the name Manamecrypt popularly, scans for files on your computer that aren't essential to the operating system, such as work documents or game-related media. Instead of encrypting them, however, the CryptoHost Ransomware generates an RAR file (a compressed archival format, similar to ZIP) and moves them into this archive. The Trojan protects its RAR with a password generated on a system-specific basis, effectively blocking the users off from their files by a low-tech but efficient method.

The Trojan still includes all of the standard ransom-based instructions generated through dropped image files, which are common to other threats of its classification. The CryptoHost Ransomware's message claims falsely that removing the infection also will delete your archived data, and asks for approximately 140 USD ransom payment via Bitcoin.

Halting a Party Hosted by Ransomware

Although technically simple to accomplish, the CryptoHost Ransomware's ransom method also includes some serious vulnerabilities that make it easier for victims to unlock their files at no charge. Each password string bases itself on an SHA1 hash of your PC's C drive volume serial, processor ID, and motherboard serial numbers. Since the same string also is the basis of the RAR file's name, the password is equivalent to the RAR's name plus your Windows account's username. Other researchers in the PC security industry also have provided free software for identifying the appropriate password in the CryptoHost Ransomware infections.

In its ransom message, if any attempt is made to remove the CryptoHost Ransomware, the threat claims that your RAR also will delete itself. To date, malware experts have found no evidence to back up this warning. However, some versions of the CryptoHost Ransomware do block various brands of anti-malware software, and the CryptoHost Ransomware may be maintaining a persistent system process (instead of triggering its payload and self-terminating).

You should use previously proven means of blocking the CryptoHost Ransomware, and other threats from running persistent processes in your PC's memory. Some of the simplest techniques available to casual PC users include using Task Manager to close the CryptoHost Ransomware or rebooting with Safe Mode, to prevent its original start-up. Anti-malware tools then are viable solutions for deleting your the CryptoHost Ransomware infection.

The CryptoHost Ransomware is semi-innovative as a ransomware campaign, but also shows many of the restrictions and oversights that one can discover in such attacks. In most cases, victims have no one to blame but themselves for losing money in exchange for file recovery services that they may or may not receive.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to CryptoHost Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

* See Free Trial offer below. EULA and Privacy/Cookie Policy.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Loading...
Spywareremove.com uses cookies to provide you with a better browsing experience and analyze how users navigate and utilize the Site. By using this Site or clicking on "OK", you consent to the use of cookies. Learn more.