The CrY-TrOwX Ransomware is a low-quality file locker that is based entirely on the HiddenTear project, an open-source piece of ransomware that can be tailored to fit the needs of cybercrooks. Although HiddenTear’s author intended to give researchers an easy-to-test file-encryption Trojan, it took cybercrooks only a few weeks to discover that they could plagiarize HiddenTear’s source code and modify it slightly to create a working file locker. The good news is that, like other HiddenTear variants, the CrY-TrOwX Ransomware is also decryptable, because it uses a flawed method to generate the key that encrypts the victim’s files.
The author of the CrY-TrOwX Ransomware has not added new features to the threat, and the only notable difference from the original HiddenTear version is that this one replaces the desktop wallpaper with an image that the threat drops on the victim’s computer. Despite the lack of new functionality, the CrY-TrOwX Ransomware is still capable of causing a lot of damage by encrypting media files, documents, archives, backups and other file formats. The locked files are easy to recognize by the ‘.locked’ extension that is appended to their names during the attack.
When the CrY-TrOwX Ransomware completes the file-encryption stage, it replaces the desktop wallpaper and creates the file ‘READ_AND_CRY_.txt,’ which contains the ransom note. As expected, the cybercrooks behind the CrY-TrOwX Ransomware are not willing to provide their services for free and are likely to demand money from the victim. However, the ransom message does not state the exact sum the attacker demands; instead, it simply instructs victims to get in touch with the perpetrators by messaging [email protected]. The wallpaper also contains some text, which includes the same e-mail address:
‘Hello All Your Important Files Are Encrypted by CrY!
Communicate With Us To Save Your Files!
E-Mail Address : [email protected]’
We advise victims of the CrY-TrOwX Ransomware to disregard the attacker’s instructions, because the attacker’s help is not needed to recover the data. However, before attempting any file recovery, you must make sure that the CrY-TrOwX Ransomware’s components are fully removed from the computer. The swiftest and most reliable way to ensure this is to run an up-to-date anti-virus scanner that will remove all of the threat’s files. Afterward, download and run a free HiddenTear decryption utility, which will guide you through the file recovery process.
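The two points above, that the key-generation method is flawed and that a free decryption utility can therefore recover the files, come down to one class of weakness: the password protecting the files is produced by a general-purpose PRNG seeded from a low-entropy clock value, so the seed, not the password, is the only real secret, and a defender who knows roughly when the attack ran and the first bytes of one original file can enumerate the seed space offline. The Python below is an added illustration of that class of flaw, not code from the page, from HiddenTear or from CrY-TrOwX: the charset, password length, fixed salt, seed window and the SHA-256-based toy stream cipher (a stand-in for AES, which the standard library lacks) are all assumptions chosen to keep the run short, and the sample document is constructed.

```python
"""Toy model of a clock-seeded key-generation flaw and its defender-side recovery.
Added example; all parameters below are assumptions for illustration."""
import hashlib
import random
import secrets

CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
PASSWORD_LEN = 10
SALT = b"constructed-fixed-salt"   # hard-coded salt, assumed; adds nothing the seed search must guess
PBKDF2_ROUNDS = 1000


def weak_password(seed: int) -> str:
    """Password from a deterministic PRNG: same seed, same password, every time."""
    rng = random.Random(seed)
    return "".join(rng.choice(CHARSET) for _ in range(PASSWORD_LEN))


def derive_key(password: str) -> bytes:
    """Stretch the password into a 256-bit key (PBKDF2 is a common choice in such lockers)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, PBKDF2_ROUNDS, dklen=32)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: keystream block i = SHA-256(key || i). XOR makes it its own inverse."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def strong_key() -> bytes:
    """What a correct design does: 256 bits from the OS CSPRNG, so there is no seed to enumerate."""
    return secrets.token_bytes(32)


def recover_key(ciphertext: bytes, known_prefix: bytes, seed_lo: int, seed_hi: int):
    """Defender-side recovery, the approach a free decryptor takes: walk the plausible
    seed window and accept the first key whose decryption of the file header
    reproduces a known plaintext prefix (here a PDF magic header)."""
    head = ciphertext[:len(known_prefix)]
    for seed in range(seed_lo, seed_hi):
        key = derive_key(weak_password(seed))
        if keystream_xor(key, head) == known_prefix:
            return seed, key
    return None


def demo() -> bool:
    """Lock a constructed document with a clock-seeded key, then recover it knowing
    only an approximate time window and the file type's magic bytes."""
    plaintext = b"%PDF-1.7\n% constructed sample document body\n"
    tick = 4_123_456                      # constructed: the locker's clock seed at infection time
    locked = keystream_xor(derive_key(weak_password(tick)), plaintext)
    # The responder knows the incident happened within roughly +/- 1000 clock ticks.
    result = recover_key(locked, b"%PDF-1.7", tick - 1_000, tick + 1_000)
    if result is None:
        return False
    seed, key = result
    return seed == tick and keystream_xor(key, locked) == plaintext


if __name__ == "__main__":
    print("recovered without the attacker's help:", demo())
```

The search cost is the size of the seed window times one key derivation, which is why a clock-seeded password is recoverable regardless of how long or random-looking the password itself appears; replacing `weak_password` with `strong_key` removes the enumerable seed entirely, and no amount of header knowledge helps.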