DetoxCrypto Ransomware
Posted: August 22, 2016
| Ranking: | 6,623 |
|---|---|
| Threat Level: | 10/10 |
| Infected PCs: | 4,665 |
| First Seen: | August 22, 2016 |
| Last Seen: | October 10, 2023 |
| OS(es) Affected: | Windows |
The DetoxCrypto Ransomware is a file encryption Trojan that makes harmful changes to your file data as a means of holding it hostage. Since paying ransoms to the DetoxCrypto Ransomware's administrators is a risky way of recovery that encourages further threat development, you should look to alternate solutions, such as keeping remote backups, whenever possible. After identifying the symptoms of an attack, always remove the DetoxCrypto Ransomware through an anti-malware product to stop it from damaging any additional data.
Catching the Worst 'Pocket Monster' of All: A Trojan
Like any widespread social phenomenon, the popularity of Pokemon Go has served as a publicity platform for the thematic design of some threat campaigns. The Pokemon GO Ransomware was the first of its type to be identified, but now malware experts can confirm a new Trojan using similar themes: the DetoxCrypto Ransomware. Unlike the Pokemon GO Ransomware, the DetoxCrypto Ransomware appears to be the starting point of a new family of ransomware-based Trojans being sold or rented to third parties.
The DetoxCrypto Ransomware is currently circulating in two versions with almost identical code and file system behavior, but different ransom messages. The non-Pokemon-themed version of the DetoxCrypto Ransomware also includes a screen-capturing function that runs at launch, which raises the possibility of the inclusion of significant spyware attacks in a future campaign by the threat. Both versions of this threat include a file encryption attack, a desktop-hijacking image serving as their ransom note, associated sound files, and an additional extortion message in a pop-up.
The DetoxCrypto Ransomware uses a fake MicrosoftHost.exe file to run its encryption attack, which uses an algorithm to convert the PC's information into custom ciphertext. The included ransom messages ask for a Bitcoin payment before the remote attackers will send you the decryption key. Malware experts also noted the inclusion of a time limit for payment, a common social engineering technique that is currently in use in the Pokemon variant of the DetoxCrypto Ransomware.
Detoxifying Your PC of the Newest Threat
Similarly to the Troldesh Ransomware, the DetoxCrypto Ransomware's two variants use e-mail address-based extortion methods, rather than the Tor website navigation that some threats require. However, the two families appear to be unrelated to each other, and the DetoxCrypto Ransomware does not show other traits typical of the former group (such as using ID numbers that the Trojan inserts into the names of your files). Like all recently identified threats, the DetoxCrypto Ransomware may be able to avoid being caught by security products still using outdated threat databases.
The PC security sector has yet to release a decryption solution specific to the DetoxCrypto Ransomware, which leaves current decryption possibilities primarily in the hands of the remote attackers controlling its campaigns. Paying con artists to decrypt your information may cause further damage to your files through a faulty decryption program, or, in the worst cases, result in your losing the ransom money for no benefit. For PC users with information in need of preservation from these attacks, malware experts recommend keeping backups on cloud servers, USB devices, and other drives that the DetoxCrypto Ransomware can't infect.
The DetoxCrypto Ransomware incorporates content with misleading names, including at least one file that disguises itself as a part of a Microsoft product. Using automated anti-malware solutions for uninstalling the DetoxCrypto Ransomware provides the best chances of not overlooking any of its files during the deletion process. However, even with the best resolution strategies possible, PC users who aren't protecting their data may find that the sight of Pokemon's mascot Pikachu has become a symbol of permanent file damage.
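A triage check for the disguised files described above (the fake MicrosoftHost.exe and other content with Microsoft-sounding names), added here as an example and not taken from any vendor's tooling. It runs over constructed process-creation records; the field names, paths, signer strings and directory list are assumptions, and only the MicrosoftHost.exe file name comes from this page.

```python
import json
from pathlib import PureWindowsPath

# File name reported on this page; compared case-insensitively.
WATCHLIST = {"microsofthost.exe"}
# Assumption: signer strings as the log source would report them.
TRUSTED_SIGNERS = {"microsoft corporation", "microsoft windows"}
# Assumption: user-writable locations that deserve extra scrutiny.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

# Constructed sample events (hypothetical field names, not a real log schema).
SAMPLE_EVENTS = r"""
{"host":"pc-01","image":"C:\\Windows\\System32\\svchost.exe","signer":"Microsoft Windows","sig_valid":true}
{"host":"pc-02","image":"C:\\Users\\alice\\AppData\\Local\\Temp\\MicrosoftHost.exe","signer":null,"sig_valid":false}
{"host":"pc-03","image":"C:\\Program Files\\Contoso\\MicrosoftSyncHelper.exe","signer":"Contoso Ltd","sig_valid":true}
{"host":"pc-04","image":"C:\\Users\\bob\\Downloads\\MICROSOFTHOST.EXE","signer":"Microsoft Corporation","sig_valid":false}
"""

def assess(event):
    """Return the reasons an event looks like a file posing as a Microsoft binary."""
    image = event["image"]
    name = PureWindowsPath(image).name.lower()
    signer = (event.get("signer") or "").lower()
    signed_ok = event.get("sig_valid") is True and signer in TRUSTED_SIGNERS
    reasons = []
    if name in WATCHLIST:
        reasons.append("name on watchlist")
    if name.startswith("microsoft") and not signed_ok:
        reasons.append("Microsoft-branded name without trusted signature")
    if reasons and any(d in image.lower() for d in USER_WRITABLE):
        reasons.append("runs from user-writable path")
    return reasons

def triage(lines):
    """Parse JSON-lines events and return (host, image, reasons) for flagged ones."""
    findings = []
    for line in lines.strip().splitlines():
        event = json.loads(line)
        reasons = assess(event)
        if reasons:
            findings.append((event["host"], event["image"], reasons))
    return findings

if __name__ == "__main__":
    for host, image, reasons in triage(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {'; '.join(reasons)}")
```

A single reason, as on the constructed pc-03 record, is a weak signal worth a manual look; a watchlist name combined with a failed signature check and a user-writable path is the combination to prioritise.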