
CryptoRoger Ransomware

Posted: June 22, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 34
First Seen: June 22, 2016
OS(es) Affected: Windows

The CryptoRoger Ransomware is an encryption Trojan: a threat that encrypts files to block access to their contents. Its operators run such attacks in the hope of collecting ransom fees in return for restoring the data, although paying never guarantees recovery. Remove the CryptoRoger Ransomware with the anti-malware product of your choice and recover damaged data from backups or other sources that do not depend on the attackers.

A not-so-Jolly Roger for Your Files

Even with hundreds of variants of file-encrypting Trojans already in circulation, threat authors show no sign of slowing the pace at which they develop new ones. The CryptoRoger Ransomware is a new Trojan of this type, first identified by Malwarebytes researchers on June 21. It follows most of the trends seen in encryption Trojans to date, with one notable difference: it maintains persistence on the system so that it can attack again.

The CryptoRoger Ransomware begins its payload by attacking files of as yet unconfirmed formats, with documents, spreadsheets, images, and audio data at particular risk. It encrypts that content with AES-256 and appends a '.crptrgr' extension to each affected file. A text file in the AppData folder records data about the encrypted content, and an HTML ransom message opens automatically when the process finishes.

All of these behaviors are traditional for a file-encrypting Trojan. However, malware researchers also verified changes to the Windows startup routine that launch the CryptoRoger Ransomware automatically on every reboot, after which it can encrypt any files created since its previous run. This differs significantly from earlier file encryptors, which rarely ran more than once and sometimes even deleted themselves after encrypting.
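The artifacts described above (files renamed with the '.crptrgr' extension, a launcher placed where Windows runs it at startup, and the sample whose MD5 is listed under Technical Details) are what a responder sweeps for on a mounted disk image or file share. The following Python script is an added example, not code from the original page or from Malwarebytes: the sample directory tree it builds is constructed, the Startup-folder path is the standard per-user Windows location, and it does not read the Registry Run keys the page mentions, because that needs a Windows host or a third-party hive parser.

```python
"""IoC sweep for CryptoRoger Ransomware artifacts on a mounted volume.

Added example, not from the original page or from Malwarebytes. Walks a
directory tree the way a responder would sweep a mounted image or a share
and reports: files carrying the '.crptrgr' extension, files whose MD5
matches the hash from the page's Technical Details, and anything sitting
in a per-user Startup folder. Registry Run keys are out of scope here
(they need a Windows host or a hive parser).
"""
import hashlib
import os
import tempfile
from pathlib import Path

# MD5 listed under Technical Details on the page.
KNOWN_MD5 = {"6b98fd062fbf0984dd3589edb092fa80"}
ENCRYPTED_EXT = ".crptrgr"
# Standard per-user Startup folder (Windows Vista and later), relative to the
# user profile. Assumption: the swept tree mirrors the victim's layout.
STARTUP_FRAGMENT = Path("AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup")


def md5_of(path: Path) -> str:
    """Hash a file in chunks so large files never have to fit in memory."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def in_startup_folder(path: Path) -> bool:
    """True if any run of the parent's path components equals the Startup path."""
    parts, frag = path.parent.parts, STARTUP_FRAGMENT.parts
    return any(parts[i:i + len(frag)] == frag for i in range(len(parts)))


def sweep(root: Path, known_md5=frozenset(KNOWN_MD5)) -> dict:
    """Return the three indicator lists for every regular file under root."""
    findings = {"encrypted": [], "hash_match": [], "startup": []}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if not p.is_file():
                continue
            if p.suffix.lower() == ENCRYPTED_EXT:
                findings["encrypted"].append(p)
                continue  # ciphertext cannot match the dropper's hash
            if md5_of(p) in known_md5:
                findings["hash_match"].append(p)
            if in_startup_folder(p):
                findings["startup"].append(p)
    return findings


def build_sample_tree(base: Path) -> Path:
    """Constructed sample volume (not real victim data); returns the bait path."""
    user = base / "Users" / "victim"
    docs = user / "Documents"
    docs.mkdir(parents=True, exist_ok=True)
    (docs / "budget.xlsx.crptrgr").write_bytes(b"\x00" * 64)  # renamed ciphertext
    (docs / "notes.txt").write_bytes(b"untouched plaintext")
    startup = user / STARTUP_FRAGMENT
    startup.mkdir(parents=True, exist_ok=True)
    bait = startup / "updater.exe"
    bait.write_bytes(b"placeholder binary; its hash is not the page's IoC")
    return bait


def run_demo(match_bait: bool = False) -> dict:
    """Build the constructed tree, sweep it, return indicator -> file names.

    match_bait=True adds the bait file's own MD5 to the IoC set so the hash
    path can be exercised; the real IoC alone cannot match constructed data.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        bait = build_sample_tree(root)
        known = set(KNOWN_MD5) | ({md5_of(bait)} if match_bait else set())
        findings = sweep(root, known)
        return {k: sorted(p.name for p in v) for k, v in findings.items()}


if __name__ == "__main__":
    for indicator, names in run_demo().items():
        print(f"{indicator}: {names}")
```

Point `sweep()` at the mount point of the evidence (for example, the root of an image mounted read-only) rather than at a live system drive, and treat every hit in the Startup folder as something to review by hand: the sweep flags the location, not the file's intent.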

Overcoming a File Pirate Before It Sails Off with Your Money

The CryptoRoger Ransomware's business model relies on PC users who do not protect their local data by backing it up to a separate location, and it can only stay profitable through the ransoms its victims pay. Those ransoms never guarantee a working decryptor, and malware experts always endorse alternatives when practical, such as keeping copies of important files on USB drives or other storage that is disconnected when not in use.

Because of the CryptoRoger Ransomware's persistence, you should avoid restarting an infected computer more often than security procedures require (for example, to boot into Safe Mode). You also should avoid introducing new files to the machine until your anti-malware software has removed the CryptoRoger Ransomware, including its Registry and startup components. Although the CryptoRoger Ransomware has shown no signs of advanced self-defense features, any manual removal carries the risk of damaging components of unrelated software and even Windows itself.

The hundreds of dollars the CryptoRoger Ransomware's threat actors demand for returning your files come with no legal or technical assurance that a working decryption service will follow. If the contents of your hard drive are valuable to you, securing them before an infection occurs is vastly cheaper and safer than paying the CryptoRoger Ransomware's con artists and hoping for their goodwill.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: 6b98fd062fbf0984dd3589edb092fa80
Size: 172.03 KB (172032 bytes)
MD5: 6b98fd062fbf0984dd3589edb092fa80
Detection count: 93
Group: Malware file
Last Updated: June 22, 2016