Bitcoin Ransomware Education – Cryptorbit

March 5, 2016 | Bitcoin Business

There are a fair few types of Bitcoin ransomware which have gone by almost entirely unnoticed, yet that doesn’t mean they are less of a threat by any means. Cryptorbit has never been the center of much media attention, even though this piece of malware was known under the alias of HowDecrypt as well.

Cryptorbit Does Not Discriminate Based On File Type

Similar to just about any kind of Bitcoin ransomware to ever exist, Cryptorbit has one simple goal: infect as many computers around the world as possible and encrypt any file on the device. Whereas most types of Bitcoin ransomware would target specific file extensions, this malware did not differentiate between files and just encrypted everything.

No version of Microsoft Windows was safe during this infection period, as Cryptorbit was targeting any operating system from Windows XP to Windows 8. Once a computer has been infected, the user is left with a text file containing instructions on how to proceed and get rid of the infection.

However, there is a twist to how Cryptorbit goes about encrypting the files on a computer. Instead of completely encrypting the file, the malware only replaces the first 512 bytes of the file and appends them to the end of the infected file. As a result, the files would become corrupted, making it all but impossible to recover them from a backup.

However, this method of infection was not the best choice, as it is rather easy to find a tool which will restore file headers to their original state. But that is not all, as the Bitcoin ransomware is also capable of creating dummy files on the device and installing a piece of Bitcoin mining software.
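The header damage described above can be checked for and reversed with a few lines of code. The sketch below is an added example, not code from the article or from any published recovery tool. It assumes, which the article does not state, that the original 512 bytes are stored unmodified as the last 512 bytes of the file. The signature table and function names are illustrative.

```python
# Added example: triage and repair for the header-displacement damage described above.
# Assumption (not stated in the article): the displaced 512 bytes sit verbatim at the
# end of the file, and the overwritten region at the start is the same size.
from pathlib import Path

HEADER_LEN = 512  # figure given in the article

# Well-known file signatures (magic bytes) used to recognise a genuine header.
MAGIC = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip/docx/xlsx",
}

def identify(header: bytes):
    """Return the file type whose signature starts `header`, or None."""
    for magic, name in MAGIC.items():
        if header.startswith(magic):
            return name
    return None

def looks_displaced(data: bytes):
    """Type name if the tail holds a valid header and the head does not, else None."""
    if len(data) < 2 * HEADER_LEN:
        return None  # too short to hold an overwritten head plus an appended copy
    if identify(data[:HEADER_LEN]) is not None:
        return None  # head is already valid, so leave the file alone
    return identify(data[-HEADER_LEN:])

def repair(data: bytes) -> bytes:
    """Move the trailing header back to the front and drop the appended copy."""
    if looks_displaced(data) is None:
        raise ValueError("file does not match the displaced-header pattern")
    return data[-HEADER_LEN:] + data[HEADER_LEN:-HEADER_LEN]

def repair_file(src: Path, dst: Path) -> str:
    """Write a repaired copy to dst (never in place); return the detected type."""
    data = src.read_bytes()
    kind = looks_displaced(data)
    dst.write_bytes(repair(data))  # repair() raises before anything is written
    return kind

def constructed_sample():
    """Constructed test data: a fake PDF and its damaged form."""
    original = b"%PDF-1.4\n" + bytes(range(256)) * 8
    damaged = b"\x00" * HEADER_LEN + original[HEADER_LEN:] + original[:HEADER_LEN]
    return original, damaged
```

Run it against copies of the affected files and keep the originals until the repaired output opens correctly.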

Installing this software would not only encrypt he […]
