If your files have been encrypted and their extensions appended with a “.BLOCKED” file extension, then your PC might have been infected with Crystalcrypt Ransomware, a program designed to encrypt files and then demand that their owners pay a ransom to recover their files. Removing this malicious program is highly recommended because complying with the demands of this ransomware’s creators is risky as they can take your money without giving you the decryption key. This article is dedicated to overview Crystalcrypt Ransomware as you can get it on your PC accidentally because it is distributed using email spam.
Like most ransomware-type computer infections, Crystalcrypt Ransomware was configured to encrypt your files with an advanced encryption algorithm. Admittedly, this particular uses both RSA 2048 and AES 256 encryption algorithms to ensure a strong encryption. This ransomware creates a public encryption key and a private decryption key. The decryption key is not stored locally as it is sent to this ransomware’s server. The only way you can get the decryption key is by paying the hefty 0.17 BTC ransom which is 475 US dollars.
Paying the ransom is not recommended as there is no guarantee that you will receive the decryption key. Furthermore, paying the ransom might not be worth the money. Research has shown that this ransomware was configured to encrypt documents, pictures, executables, and so on. However, your PC should remain entirely functional because this ransomware does not touch system files. This ransomware appends the encrypted files with a “.BLOCKED” file extension which serves to indicate that a file has been encrypted. Once this ransomware has completed the encryption process it drops a text file named CrystalCrypt_Recover_Instructions.txt into each folder where a file was encrypted.
As you can see, Crystalcrypt Ransomware is one nasty piece of programming. After doing some digging we found that this new ransomware is nearly identical to LightningCrypt Ransomware. Therefore, we conclude that both of them come from the same developers. Furthermore, we assume that these developers will release more ransomware like these two in the near future.
As far as this ransomware’s dissemination methods are concerned, we have found that it is distributed in the same way as its previously released clone. We have found that Crystalcrypt Ransomware’s developers have employed email spam to get it onto your PC. As far as we know, it is sent to random email addresses as this ransomware does not target any specific demographic. The emails are sent from a dedicated email server and they are most likely made to look like they come from a legitimate company or even several companies. Typically, such emails try to trick users into thinking that they contain an invoice, receipt or something similar. If you open the file, your PC may be automatically infected by this ransomware. Furthermore, the executable file itself can be disguised as a MS DOC or PDF file. Therefore, you should be wary of emails from unknown addresses, especially those that come from obviously suspicious email account names.
We hope that you found this article insightful. Unfortunately there is not too much information about this program at this time as it is relatively new and has not been fully analyzed and explored. Still it is paramount that you protect your PC against it as it features a very strong encryption algorithm. If your PC has already been infected by Crystalcrypt Ransomware, then the only thing you can do at this point is remove it. We suggest using SpyHunter’s free malware detection function and then go to the location of the ransomware and delete is manually.