This threat is not quite new: the CryptorBit ransomware virus was first introduced in late 2013 on the tail of CryptoLocker, which we reported on several times last year. But CryptorBit has a new spin, and it has been increasingly active in recent days.
6 Quick facts about CryptorBit
- CryptorBit, also known as HowDecrypt, is an increasingly elusive ransomware threat that has affected a variety of IT consultants, businesses and end users.
- CryptorBit targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8.
- This malware is most likely to spread through email attachments and malicious websites.
- CryptorBit scans the computer and corrupts any data file it finds regardless of the file type or extension, by encrypting the first 512 bytes of data in that file and replacing them with illegitimate data. There are unconfirmed reports that suggest that a technique has been developed to repair the file’s header and recover corrupted files, but it is possible that your data may be unrecoverable.
- After it encrypts the files, CryptorBit creates two additional files, HowDecrypt.txt and HowDecrypt.gif, in every folder in which a file was encrypted. The GIF and TXT files advise the victim to pay a ransom and explain how to access a payment site that can be used to send in the money. This payment site is located on the Tor network (Anonymity Online project) and only accepts Bitcoins for payment.
- CryptorBit also carries a Cryptocoin Miner, a component that uses the infected computer's CPU to mine digital coins, such as Bitcoin or other coins, for the malware developer, generating further revenue for the crooks.
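The two indicators described above (ransom notes dropped in each affected folder, and data files whose leading bytes were replaced) can be checked together during triage. The following is an added example, not code from the original article; the signature table, function names and sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Ransom-note names come from the article; compared case-insensitively.
NOTE_NAMES = {"howdecrypt.txt", "howdecrypt.gif"}

# Well-known leading signatures per extension (small table, extend as needed).
MAGIC = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".zip": (b"PK\x03\x04", b"PK\x05\x06"),
}

def header_ok(path):
    """True/False when the extension is in MAGIC, None when it cannot be judged."""
    sigs = MAGIC.get(os.path.splitext(path)[1].lower())
    if sigs is None:
        return None
    try:
        with open(path, "rb") as fh:
            return fh.read(8).startswith(sigs)
    except OSError:
        return None  # locked or unreadable file: do not guess

def triage(root):
    """Map each folder holding a ransom note to its files with a damaged header."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        if any(name.lower() in NOTE_NAMES for name in files):
            report[os.path.relpath(folder, root)] = sorted(
                n for n in files if n.lower() not in NOTE_NAMES
                and header_ok(os.path.join(folder, n)) is False)
    return report

def demo():
    """Triage a constructed tree (sample data, not real victim files)."""
    samples = {
        "hit/HowDecrypt.txt": b"constructed note",
        "hit/report.pdf": b"\x00" * 512 + b"tail",              # header overwritten
        "hit/photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,   # header intact
        "hit/notes.dat": b"\x13\x37" * 256,                     # unknown type: not judged
        "clean/manual.pdf": b"%PDF-1.4\n",                      # no note in folder: skipped
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return triage(root)
```

A signature mismatch is a triage hint for scoping which folders to restore from backup, not proof of encryption; file types missing from the table are left unjudged.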
If a malware infection occurs in your computer network, it may be necessary to have your entire environment restored from a clean backup. Should this occur, you may lose some recent work and may be unable to access your environment while the infection is researched and removed.
powersolution.com practices defense in depth utilizing multiple anti-malware layers and vendors; however, no vendor can guarantee 100% effectiveness against all malware. End user behavior is essential in the rapidly evolving fight with malware.
We are committed to providing continued excellent support to meet your business needs. Please contact powersolution.com with any questions.