GrodexCrypt Ransomware
Posted: June 5, 2017
Threat Metric
The following fields listed on the Threat Meter, each carrying a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. The criteria for the Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 7 |
| First Seen: | June 5, 2017 |
| OS(es) Affected: | Windows |
The GrodexCrypt Ransomware is a remake of a previous Trojan, the Crypt888 Ransomware, that changes the interface shown to the victim while keeping the original encryption attacks that let it block your files. Victims may remedy this file-locking behavior by recovering through backups or freeware after resolving the infection. Delete the GrodexCrypt Ransomware with dedicated anti-malware products when possible, ideally before it starts encrypting anything on your PC.
Covering Elderly Trojans with Splashes of Paint
The value in aesthetics is something that even the programmers of threatening software know all too well and is one of many aspects that they can use to trick a victim into doing what they want. However, a new look doesn't always imply new attacks; with Trojans like the GrodexCrypt Ransomware, the threat actor is doing little more than changing the shallowest parts of the program. Users who can divorce the symptoms they see from the tactics needed to resolve these attacks can avoid problems like being on the losing side of extortion.
Most of the GrodexCrypt Ransomware's code is identical to that of the old Crypt888 Ransomware, a Trojan that uses encryption for locking files on your PC. Such attacks tend to target documents, spreadsheets, pictures, and other content that is commonly used but not required by the operating system. Encrypting these files makes them illegible without the corresponding decryption key, which the GrodexCrypt Ransomware's author withholds for ransom.
The most significant contribution to this updated version of the Trojan is the GrodexCrypt Ransomware's new ransom message, which uses an advanced HTML pop-up. Features malware analysts note within the message include:
- The GrodexCrypt Ransomware places its ransom payments on a two-day timer before, supposedly, deleting your encrypted media and the decryption key.
- The GrodexCrypt Ransomware uses an e-mail-based ransom negotiating method while asking for no more than 50 USD in Bitcoins, raising the chances of casual PC users being the intended targets of its attacks.
- The user can interact with some elements of the window, including a FAQ button and a more detailed payment button. The GrodexCrypt Ransomware's wallet address also uses an editable field, which is a hallmark of RaaS or Ransomware-as-a-Service Trojans.
The Trouble of Covering Old Age with New Beauty
The GrodexCrypt Ransomware's new threat actor has put some effort into making the Trojan look like a fresh, original program. However, the GrodexCrypt Ransomware's payload, including its encryption method, is identical to that of the older threat. This detail is important because there is a high chance that free decryption software will be able to unlock any files that the GrodexCrypt Ransomware attacks. Malware analysts also see no sign that the GrodexCrypt Ransomware includes any feature to destroy 'your whole computer,' as its ransom message asserts.
Samples of the GrodexCrypt Ransomware use names that imitate Windows components to hide after other threats install them. The GrodexCrypt Ransomware may bundle itself with free downloads, obscure its installation vehicle in an e-mail attachment, or use the drive-by-downloads of a Web page's exploit kit to compromise your computer. Keep your anti-malware programs patched and active to help them detect and remove the GrodexCrypt Ransomware during the installation attempt instead of after it encodes any of your content.
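A Trojan that borrows the file name of a Windows component still has to run from somewhere other than the directory where the genuine component lives, which gives defenders a simple hunting check. The script below is an added example for this article, not code from the ransomware or from the article's author: it flags process image paths whose file name matches a well-known system binary but whose parent directory is not one of the locations where that binary is installed. The component names, the trusted directories and the sample process records are constructed for illustration; the article does not say which component names the GrodexCrypt Ransomware imitates, so the list here is an assumption to be replaced with an inventory of the hosts being examined.

```python
"""Flag processes whose image name matches a Windows component but whose
image path is outside the directories where that component belongs.

Added example (not from the article or the malware). Component names,
trusted directories and sample records are constructed assumptions.
"""
from pathlib import PureWindowsPath

# Constructed: a few system binary names that malware commonly imitates.
# The article does not name the components GrodexCrypt borrows from.
WINDOWS_COMPONENTS = {
    "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
    "services.exe", "winlogon.exe", "taskhost.exe", "spoolsv.exe",
}

# Constructed: directories where genuine copies of those binaries live.
# Exact-match on the parent directory on purpose: C:\Windows\Temp is
# beneath C:\Windows but is user-writable, so a prefix match would be too
# lenient. Servicing locations (e.g. WinSxS) would need tuning on real data.
TRUSTED_DIRS = (
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows\SysWOW64"),
    PureWindowsPath(r"C:\Windows"),
)


def is_masquerade(image_path: str) -> bool:
    """True when a system-component file name runs from an untrusted directory.

    PureWindowsPath compares case-insensitively, so C:\\WINDOWS\\SYSTEM32
    and C:\\Windows\\System32 are treated as the same directory.
    """
    path = PureWindowsPath(image_path)
    if path.name.lower() not in WINDOWS_COMPONENTS:
        return False          # not pretending to be a Windows component
    return path.parent not in TRUSTED_DIRS


# Constructed sample process records (what a process listing might return).
SAMPLE_PROCESSES = [
    {"pid": 612, "image": r"C:\Windows\System32\svchost.exe"},
    {"pid": 1388, "image": r"C:\Windows\explorer.exe"},
    {"pid": 4120, "image": r"C:\Users\Public\Downloads\svchost.exe"},
    {"pid": 4176, "image": r"C:\Users\alice\AppData\Local\Temp\lsass.exe"},
    {"pid": 4210, "image": r"C:\Program Files\Vendor\updater.exe"},
]


def find_masquerades(processes):
    """Return the pids whose image looks like a misplaced Windows component."""
    return [p["pid"] for p in processes if is_masquerade(p["image"])]


if __name__ == "__main__":
    for pid in find_masquerades(SAMPLE_PROCESSES):
        print(f"pid {pid}: Windows component name running from an untrusted path")
```

On the constructed records the check flags pids 4120 and 4176 and leaves the genuine copies in System32 and C:\Windows alone. On real hosts the same logic applies to process-creation events from Sysmon or EDR telemetry; an exact directory match rather than a path prefix is what keeps user-writable folders under C:\Windows from passing as trusted.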
The cost of taking a Trojan's word in blind faith is always high, both monetarily, and for your security. Don't let new-looking Trojans like the GrodexCrypt Ransomware dictate how you respond to their fundamentally derivative strategies.