Crypt888 is a type of ransomware that prevents users from accessing files by encrypting them and marking them with the “Lock.” extension. First seen in June 2016, the initial Crypt888 ransomware is part of a family of ransomware that began with an attack by the MIRCOP malware in 2016.
How do devices get infected with Crypt888 ransomware?
The most common infection vector is a drive-by download delivered through a fraudulent email. In these phishing attacks, cybercriminals use social engineering to trick users into clicking malicious attachments or links in what appear to be official emails. Another possible cause of infection is a malicious website that hosts infected files.
How does Crypt888 ransomware work?
Once a device has been infected, Crypt888 begins by disabling Microsoft’s User Account Control (UAC), which typically protects systems against malware by restricting certain functions to administrator privileges.
Crypt888 then crawls through user and public folders, encrypting images, documents, videos, and other file types. It uses the AES and RSA algorithms to encrypt files and adds the extension “Lock.” to them, rendering them inaccessible to users. For example, an image file affected by Crypt888 ransomware would have a filename like Lock.image.png.
Once the files have been encrypted, Crypt888 changes the system’s desktop wallpaper to show the cybercriminals’ ransom demand, typically payable in cryptocurrency.
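The “Lock.” naming pattern described above gives responders a simple triage signal. The following is an added example, not code from the original page: it walks a folder tree and flags directories where “Lock.”-prefixed files dominate. The function names, thresholds, and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

MARKER = "Lock."  # filename prefix the page attributes to Crypt888

def scan_for_marker(root, min_hits=3, min_ratio=0.5):
    """Map each suspicious directory (relative to root) to (marked, total) file counts.

    A directory is flagged only when marked files are both numerous and dominant,
    so a lone legitimate file such as "Lock.screen.png" does not raise an alert.
    The thresholds are assumptions to tune per environment.
    """
    counts = defaultdict(lambda: [0, 0])  # directory -> [marked, total]
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            counts[dirpath][1] += 1
            # Require a name after the prefix; a file called exactly "Lock." is ignored.
            if name.startswith(MARKER) and len(name) > len(MARKER):
                counts[dirpath][0] += 1
    return {
        os.path.relpath(d, root): (marked, total)
        for d, (marked, total) in counts.items()
        if marked >= min_hits and marked / total >= min_ratio
    }

def build_sample_tree(base):
    """Create a constructed directory tree of empty files for the demo."""
    layout = {
        "Documents": ["Lock.report.docx", "Lock.budget.xlsx", "Lock.notes.txt",
                      "Lock.plan.pdf", "desktop.ini"],
        "Pictures": ["Lock.image.png", "a.jpg", "b.jpg", "c.jpg"],
        "Public": ["Lock.video.mp4", "Lock.song.mp3", "Lock.scan.pdf"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, (marked, total) in sorted(scan_for_marker(tmp).items()):
            print(f"{folder}: {marked}/{total} files carry the {MARKER!r} prefix")
```

A flagged directory is a prompt to isolate the host and check backups, not proof of infection on its own.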
How to protect devices from Crypt888 ransomware
According to a study, Crypt888 ransomware was originally developed for older Windows systems such as Windows 7 and Vista. The malware’s code has not been updated since, which prevents Crypt888 from bypassing Microsoft’s UAC on systems running Windows 8 or higher. Despite that, because this ransomware is easy for cybercriminals to use and deploy, organizations should proactively employ IT security best practices to prevent ransomware attacks.
- Education
For organizations with large IT environments, training employees to understand and identify email spoofing and other phishing techniques lessens the risk of them clicking malicious links and infecting their Windows devices.
- Backup critical data
Regularly backing up systems and vital data allows businesses to simply restore encrypted data without having to decrypt infected files or entertain ransom demands. IT departments should invest in backup software to reduce downtime from ransomware attacks and ensure fast restoration.
- Utilize antivirus software
Turn to reputable antivirus solutions that can seamlessly integrate with your IT infrastructure. Antivirus software helps mitigate cyberattacks by detecting ransomware and preventing it from encrypting sensitive and critical data.
- Regularly update devices
Keep your Windows operating system and all software updated. Ransomware can exploit software vulnerabilities that are often easily removed through consistent patching. Automated patch management software streamlines updates, allowing IT administrators to identify missing patches and schedule the deployment of updates during the least disruptive hours in a day.
Conclusion
Crypt888 ransomware poses a significant threat to businesses by preventing end-users from accessing files. Always be prepared for potential cyberattacks by investing in reliable ransomware backup software to ensure that any valuable files or confidential data can be restored.