Cryptohasyou

.Cryptohasyou is a ransomware that encrypts various files stored on the infiltrated system, including .exe, .com, .bin, .dat, .sys, all .dmp, .information. .key, .pdb, .bat, .ps1, .vb, .ws, .wsd, .cpl, .reg, .dll, .ini, .msi, .pfx, .sct and .wsc. To do this, .Cryptohasyou uses the AES-256 algorithm with an RSA-2048 key.

Thus, private and public keys are generated during encryption. .cryptohasyou also creates a YOUR_FILES_ARE_LOCKED.txt file in each folder containing the compromised files. Note that this ransomware adds an .enc extension to all encrypted files, so it is easy to identify them.

The YOUR_FILES_ARE_LOCKED.txt file contains a message demanding ransom and stating that most of the victim's files have been encrypted. It goes on to say that the only way to restore them is to buy specific software (a decryptor) from the cybercriminals. According to the file, the victim has to pay a ransom of 0, and the price will increase by 0 every three days.

Retour au lexique

About ProHacktive

Contact

Cryptohasyou