Crypt888: being lazy doesn’t pay


Making lots of money quickly is the objective of most ransomware. A current analysis from one of G DATA’s researchers also shows another potential motive for distributing

When looking at some of the “old hands” of the ransomware scene, you will quickly realize that a lot of development work and quality assurance has gone into them.

Those often very elaborate pieces of malware deliberately make the life of an analyst more difficult by either leaving false trails or leading analysts down one dead end after another.

In the case of “Crypt888” you might argue that it is not even a ransomware in the classical sense of the term, as no money is demanded for decrypting the data.

Subscribers desperately wanted

It is not only high-profile YouTube channels that strive for a larger number of subscribers. Using ransomware to achieve this goal, however, is an idea that not many have had so far.

Someone used the AutoIt scripting framework to create a ransomware which seems to have exactly this in mind. If a machine is infected, the user – supposedly – is instructed to subscribe to a particular YouTube channel. A screenshot is to be submitted as proof via email.

That’s a solid F. Sorry.

When ransomware instructs its victims on how to make a payment, the instructions are always formulated very clearly and in a way that is easy to understand, unlike in the case of Crypt888. For one, the instructions are put on screen in a way that partly obscures the ransom note, and even if the text were visible in full, the demands are not immediately obvious.
When doing a web search on some of the terms from the ransom note, you come across one particular YouTube channel. Let’s just say that successful ransomware looks different.

Even the encryption of the files has been implemented in a way that is best described as shoddy and haphazard. According to our analyst, the developer has at best spent a few hours cobbling his ransomware together.

Further information

If you would like to know more about this odd bit of ransomware, you can read the full analysis at the link below.

https://file.gdatasoftware.com/web/en/documents/whitepaper/G_DATA_Analysis_Crypt888.pdf


About G DATA

G DATA Software AG, with its head office in Bochum, is an innovative and quickly expanding software house focusing on antivirus security solutions. As a specialist in Internet security and pioneer in the field of virus protection, the company, founded in Bochum in 1985, developed the first antivirus program more than 20 years ago and celebrated its 25th birthday in 2010. Consequently G DATA is amongst the oldest security software companies in the world.
Over more than five years, no other European security software provider has won national and international tests and awards more frequently than G DATA. When it comes to quality, G DATA is a world leader, combining the world’s best security technologies in its antivirus products. Examples of this are its DoubleScan technology, with two independent virus scanners, and OutbreakShield instant protection. G DATA security solutions are available worldwide in more than 90 countries.
