icrypt@cock.li Ransomware

Posted: September 19, 2018

The icrypt@cock.li Ransomware is a variant of the Dharma Ransomware branch of the Crysis Ransomware family. Attacks by this threat lock prominent media types, such as DOCs or BMPs, and hold them for ransom payments that it demands through text files and local Web page-based messages. While there is a free decryption solution for the Dharma Ransomware branch, users should keep backups as an extra precaution and have their anti-malware products protect their PCs by removing the icrypt@cock.li Ransomware when appropriate.

The Next Crypt for Your File Data

With the Crysis Ransomware's owners providing their Trojan product to third-party criminals at competitive prices, threat actors are finding it easy to commit crimes such as sabotaging data and to make money from doing so. The icrypt@cock.li Ransomware is far from being the first variant of this family this year, although being a part of the Dharma Ransomware sub-branch does differentiate it from similar members like the '.gamma File Extension' Ransomware or the Sepsis Ransomware. Like most of its relatives, the icrypt@cock.li Ransomware pretends that it's a component of Windows while it busies itself with blocking your files.

Malware experts can confirm that the icrypt@cock.li Ransomware's campaign is live and has victims, but have no details on its infection methods. However, if it deploys like other file-locker Trojans, the icrypt@cock.li Ransomware is likely to exploit weak network logins or use spam e-mails for the infection stage. Then, it hides as a fake 'svchost' process while encrypting data with AES or Blowfish ciphers. Whether the icrypt@cock.li Ransomware's attack is reversible by the public Dharma Ransomware decryptor is not yet determined, since this family receives regular updates that improve its features and cryptographic security.

The icrypt@cock.li Ransomware marks the media that it blocks with a different extension ('.monro') than its recent ancestors used. However, its other filename format changes are traditional for the latest versions of the Dharma Ransomware, as are its means of displaying ransom notes. The icrypt@cock.li Ransomware creates advanced HTML files and TXT files for giving the victim its ransom demands, which, as always, malware experts recommend ignoring until other data restoration solutions, especially free ones, are tested.
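For responders scoping an incident, the extension and contact address described above can drive a quick triage of a file listing. The following is an added example, not code from the original page or from any vendor tool; it assumes the widely reported Dharma naming layout (original name, 'id-' plus eight hex digits, bracketed e-mail, extension), which the page itself does not spell out, and its function names and sample paths are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Indicators taken from the page.
EXTENSION = ".monro"
CONTACT = "icrypt@cock.li"

# Assumption (not stated on the page): the widely reported Dharma layout
#   <original name>.id-<8 hex digits>.[<contact e-mail>].<extension>
DHARMA_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\]]+)\]\.[^.]+$"
)

def classify(path):
    """Describe one path, or return None if it lacks the marker extension."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != EXTENSION:
        return None
    m = DHARMA_NAME.match(p.name)
    if m and m.group("contact").lower() == CONTACT:
        return {"dir": str(p.parent), "original": m.group("original"),
                "victim_id": m.group("victim_id").upper(), "confidence": "high"}
    # Extension alone: could be this threat with a changed layout, or unrelated.
    return {"dir": str(p.parent), "original": p.stem,
            "victim_id": None, "confidence": "low"}

def summarize(paths):
    """Scope the damage: hits per directory, victim IDs seen, weak matches."""
    hits = [h for h in map(classify, paths) if h]
    return {
        "per_dir": Counter(h["dir"] for h in hits),
        "victim_ids": sorted({h["victim_id"] for h in hits if h["victim_id"]}),
        "low_confidence": [h for h in hits if h["confidence"] == "low"],
    }

# Constructed sample listing (not real victim data).
SAMPLE = [
    r"C:\Users\a\Documents\report.docx.id-1A2B3C4D.[icrypt@cock.li].monro",
    r"C:\Users\a\Documents\budget.xlsx.id-1a2b3c4d.[icrypt@cock.li].MONRO",
    r"C:\Users\a\Pictures\cat.bmp",
    r"D:\share\notes.monro",
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

The recovered original names give a list to check against backups, and low-confidence hits deserve a manual look before being attributed to this threat.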

Burying the icrypt@cock.li Ransomware's Profits Where They Belong

An interesting detail concerning the latest sample of the icrypt@cock.li Ransomware's executable is that it pretends to be a password generator application. Such a disguise might correlate with the threat actors encouraging victims to download the program from unsafe sources, such as torrents, and compromising PCs at random. This strategy would be a not-insignificant break from the ones that most of the Ransomware-as-a-Service industry uses, which emphasize business environments and either spam e-mails or brute-force attacks.

Even though there is a decryptor for the icrypt@cock.li Ransomware's family available to the public, there's no certainty that it will be compatible with the latest update of the Trojan. Always back up any media of value to other devices that aren't vulnerable to infections from file-locker Trojans, which may compromise network-accessible drives or any storage devices that you leave plugged into the PC. The anti-malware industry as a whole also detects the Crysis Ransomware members at high rates, and their products should typically remove the icrypt@cock.li Ransomware without any issues.

Whether the icrypt@cock.li Ransomware is trying to ransom entire servers' worth of information or just the pictures of a single person, it's a threat that takes effort from its victims to stop. The value of a backup and a good password is always roughly equal to the value of the contents of the PC that you're using.