CryptoHost Ransomware
Posted: April 11, 2016
Threat Level: 10/10
Infected PCs: 45
First Seen: April 11, 2016
OS(es) Affected: Windows
The CryptoHost Ransomware is a Trojan that holds your files hostage by compressing them into an archive file and then generating a password to block you from decompressing the data. Like other ransomware, the CryptoHost Ransomware also includes ransom messages demanding money in exchange for restoring your files. Many PC users should be able to use any of several free methods of restoring their files without paying this fee, although they should always disable and delete the CryptoHost Ransomware first.
A RAR File Playing Host to a Hard Drive Hostage Crisis
Evolving techniques in PC ransomware strategies have taken various courses in the past few years, ranging from blocking the victim's desktop to blocking particular files or programs. Although recent threats typically operate under a well-established tactic of encrypting files directly, the CryptoHost Ransomware uses a somewhat different method to accomplish the same, ransom-oriented goal. Instead of encrypting files on an individual basis, malware experts find the CryptoHost Ransomware moving data to a password-protected location.
The CryptoHost Ransomware, also popularly known by the name Manamecrypt, scans for files on your computer that aren't essential to the operating system, such as work documents or game-related media. Instead of encrypting them, however, the CryptoHost Ransomware generates a RAR file (a compressed archival format, similar to ZIP) and moves them into this archive. The Trojan protects its RAR with a password generated on a system-specific basis, effectively blocking users off from their files by a low-tech but efficient method.
The Trojan still includes all of the standard ransom-based instructions, generated through dropped image files, which are common to other threats of its classification. The CryptoHost Ransomware's message falsely claims that removing the infection will also delete your archived data, and asks for a ransom payment of approximately 140 USD via Bitcoin.
Halting a Party Hosted by Ransomware
Although technically simple to accomplish, the CryptoHost Ransomware's ransom method also includes some serious vulnerabilities that make it easier for victims to unlock their files at no charge. Each password string is based on a SHA1 hash of your PC's C drive volume serial, processor ID, and motherboard serial numbers. Since the same string is also the basis of the RAR file's name, the password is equivalent to the RAR's name plus your Windows account's username. Other researchers in the PC security industry have also provided free software for identifying the appropriate password in CryptoHost Ransomware infections.
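The recovery shortcut described above, as an added example that is not part of the original article or any vendor tool: it finds files carrying the RAR signature in a folder and builds the candidate password from the archive's name plus the username. The folder to scan, the function names, and the reading of "name" as the file name without an extension are assumptions.

```python
import getpass
import sys
from pathlib import Path

# Both RAR 4.x and RAR 5.x archives start with these six bytes.
RAR_MAGIC = b"Rar!\x1a\x07"


def is_rar(path: Path) -> bool:
    """True if the file starts with the RAR signature, whatever its extension."""
    try:
        with path.open("rb") as fh:
            return fh.read(len(RAR_MAGIC)) == RAR_MAGIC
    except OSError:
        return False  # unreadable or locked file: skip it


def candidate_password(archive: Path, username: str) -> str:
    """Archive name followed by the username, as the article describes.

    Assumption: "name" means the file name without any extension.
    """
    return archive.stem + username


def find_candidates(directory, username=None):
    """Return (archive path, candidate password) for each RAR file found."""
    # Default is the current account; pass the affected account's name
    # explicitly when working from another login or a mounted disk image.
    username = username or getpass.getuser()
    results = []
    for entry in sorted(Path(directory).iterdir()):
        if entry.is_file() and is_rar(entry):
            results.append((entry, candidate_password(entry, username)))
    return results


if __name__ == "__main__":
    # Usage: python find_rar_password.py <directory> [windows_username]
    folder = sys.argv[1]
    user = sys.argv[2] if len(sys.argv) > 2 else None
    for path, password in find_candidates(folder, user):
        print(f"{path}\n  candidate password: {password}")
```

Work on a copy of the archive and test the candidate password with an ordinary RAR-capable extractor before deleting anything.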
The ransom message claims that any attempt to remove the CryptoHost Ransomware will also cause your RAR to delete itself. To date, malware experts have found no evidence to back up this warning. However, some versions of the CryptoHost Ransomware do block various brands of anti-malware software, and the CryptoHost Ransomware may be maintaining a persistent system process (instead of triggering its payload and self-terminating).
You should use previously proven means of blocking the CryptoHost Ransomware and other threats from running persistent processes in your PC's memory. Some of the simplest techniques available to casual PC users include using Task Manager to close the CryptoHost Ransomware or rebooting in Safe Mode to prevent it from starting up in the first place. Anti-malware tools are then viable solutions for deleting the CryptoHost Ransomware infection.
The CryptoHost Ransomware is semi-innovative as a ransomware campaign, but also shows many of the restrictions and oversights that one can discover in such attacks. In most cases, victims have no one to blame but themselves for losing money in exchange for file recovery services that they may or may not receive.