CryptFile2

CryptFile2 (also known as Bandarchor) is ransomware that infiltrates systems and encrypts files using an asymmetric algorithm. It appends the extension .id_[VICTIM_ID]_[EMAIL].scl to all encrypted files (for example, [original file name]_id_[victim ID]_email_crts@dr.com_.scl or sample.jpg.id_[VICTIM_ID][zeta@dr.com].scl). The ransomware generates two different keys (public and private) during encryption: the public key is used to encrypt files and the private key to decrypt them. The private key is stored on remote servers controlled by the cybercriminals. Therefore, users have to pay a ransom to receive the decryptor with a built-in private key.
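For incident triage, the renaming scheme described above can be matched against a file listing to find affected files and recover their original names. The following Python sketch is an added example, not code from the ransomware or from any vendor tool; the function names, the victim ID 1234567890 and the assumption that victim IDs are alphanumeric are illustrative only.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: the victim ID is alphanumeric (the page does not give its format).
# Accepted naming forms, taken from the description above:
#   <name>_id_<ID>_email_<EMAIL>_.scl
#   <name>.id_<ID>[<EMAIL>].scl
#   <name>.id_<ID>_<EMAIL>.scl
RENAMED = re.compile(
    r"^(?P<original>.+?)[._]id_(?P<victim_id>[A-Za-z0-9-]+)"
    r"(?:_email_|_|\[)?(?P<email>[A-Za-z0-9.+-]+@[A-Za-z0-9.-]+?)"
    r"[\]_]?\.scl$",
    re.IGNORECASE,
)

def parse_name(path):
    """Return original name, victim ID and contact address, or None."""
    # PureWindowsPath splits on both '\\' and '/', so mixed listings work.
    match = RENAMED.match(PureWindowsPath(path).name)
    return match.groupdict() if match else None

def triage(paths):
    """Return (parsed hits, count of files per (victim ID, address))."""
    hits = []
    for path in paths:
        info = parse_name(path)
        if info:
            hits.append({"path": path, **info})
    summary = Counter((h["victim_id"], h["email"].lower()) for h in hits)
    return hits, summary

# Constructed listing; the ID 1234567890 is a made-up placeholder.
SAMPLE = [
    r"C:\Users\a\Documents\report.docx_id_1234567890_email_crts@dr.com_.scl",
    r"C:\Users\a\Pictures\sample.jpg.id_1234567890[zeta@dr.com].scl",
    "/srv/share/photo.png.id_1234567890_zeta@dr.com.scl",
    r"C:\Users\a\Documents\notes.scl",         # unrelated .scl file
    r"C:\Users\a\Downloads\archive.id_backup.zip",
]

if __name__ == "__main__":
    hits, summary = triage(SAMPLE)
    for hit in hits:
        print(f'{hit["path"]} -> {hit["original"]}')
    for (victim_id, email), count in summary.items():
        print(f"victim ID {victim_id}, contact {email}: {count} file(s)")
```

Files that end in .scl but do not carry the ID and address markers are left out, which keeps unrelated files out of the incident scope.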