Some of the more modern types of Bitcoin ransomware pose a significant threat to computer users to this very day. Crypvault is in the top three on that list, as this kind of malware includes some new routines that make life even harder for infected users. In fact, this is the first type of ransomware to include an antivirus toolkit preventing users from accessing files.
Also read: MAIDsafe Technical Analysis for 03/07/2016 – Trading Between Pivot Zones Crypvault Quarantines Computer Files After Encryption
Any type of Bitcoin ransomware is annoying enough to deal with because it encrypts necessary file extensions on the computer. Not only are these files inaccessible to the end user, but most types of malware will also prevent users to restore files from a backup, as they affect shadow volumes in the file system.
Crypvault is proving to be quite an annoying type of Bitcoin ransomware in that regard. This malware encrypts files by appending a “.VAULT” extension to the data, but it also includes an antivirus service that keeps these files quarantined for a period of time. Unlike traditional antivirus solutions, which ensure ransomware infections cannot occur in the first place, this version is making life even more difficult for the computer owner.
Bitcoin ransomware has a habit of spreading through email attachments in the form of ZIP and image files, and Crypvault is not entirely different in that regard. However, this malware uses JavaScript files to infect computers, which will then download four different files from the malware’s C&C server .
As soon as these files are downloaded on the computer, Crypvault will execute the ransomware and save the downloaded files in the %USER TEMP% folder on the computer. Most of the existing antivirus software solutions will not flag these downloaded items as malicious, […]
