Crypto Sweet Tooth Ransomware Overview
The Crypto Sweet Tooth Ransomware is a new variant of the Hidden Tear open-source malware family. It is also known as the CryptoST ransomware, and its creator is known as Santiago. Its encryption engine uses the AES cipher and targets specific file types, including the most commonly used documents, multimedia files, backups and configuration files. All affected files are given the .locked extension.
The virus depends on the .NET Framework 4.5.2 to run.
Crypto Sweet Tooth Ransomware Ransom Note
The virus then creates a ransom note written in Spanish. A machine-translated version reads as follows:
YOUR PERSONAL FILES HAVE BEEN CIRCULATED BY Crypto-SweetTooth
Your photos, videos, documents and database have been encrypted by a powerful algorithm using a unique key generated by this computer.
How to recover the files?
To recover your encrypted files and receive security instructions so that this does not happen again, you must make a payment of 0.5BTC and send them to the following address: ILLEoST ***
Once the payment has been made you should send an email to the address bitcoin you use to send the funds. Once verified and confirmed you will be answered with the program and password to decrypt the files.
How to buy Bitcoins?
If you are in Argentina you can buy Bitcoins in the following companies:
• Ripio.com
• Satoshitango
• ArgenBTC
After having made the purchase from any of the pages mentioned above, you must send them to the Bitcoin address specified at the beginning, marked RED.
Crypto Sweet Tooth Ransomware Distribution
CryptoSweetTooth Ransomware spreads mainly through spam email messages and infected software installers and updates. The binary files use random names. Some of the identified samples bear the following names:
- Bitcoin.exe
- bitcoin_factory_v1.0.2.exe
- CryptoSweetTooth.exe
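
Because the binaries use random names, file-name matching is a weak signal; a burst of new .locked files written by a single process is the steadier one. The following detection sketch is an added example, not code from this page or from the malware. The event format, the 60-second window, the threshold of 5 and all sample paths are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOCKED_EXT = ".locked"          # extension this page reports on affected files
WINDOW = timedelta(seconds=60)  # assumed tuning value
THRESHOLD = 5                   # assumed tuning value

# Constructed sample events; assumed format: time|process image|action|target path
SAMPLE_EVENTS = r"""
2017-01-10T09:00:01|C:\Users\ana\AppData\Local\Temp\q8x2.exe|create|C:\Users\ana\Documents\budget.xlsx.locked
2017-01-10T09:00:02|C:\Users\ana\AppData\Local\Temp\q8x2.exe|create|C:\Users\ana\Documents\cv.docx.locked
2017-01-10T09:00:03|C:\Users\ana\AppData\Local\Temp\q8x2.exe|create|C:\Users\ana\Pictures\trip.jpg.locked
2017-01-10T09:00:04|C:\Users\ana\AppData\Local\Temp\q8x2.exe|create|C:\Users\ana\Pictures\cat.png.locked
2017-01-10T09:00:05|C:\Users\ana\AppData\Local\Temp\q8x2.exe|create|C:\Users\ana\Backup\site.bak.locked
2017-01-10T09:00:06|C:\Users\ana\AppData\Local\Temp\q8x2.exe|create|C:\Users\ana\Backup\app.config.locked
2017-01-10T09:05:00|C:\Program Files\Editor\editor.exe|create|C:\Users\ana\Documents\notes.txt.locked
2017-01-10T09:06:00|C:\Program Files\Office\winword.exe|create|C:\Users\ana\Documents\letter.docx
"""

def parse_events(text):
    """Parse pipe-separated event lines into time-ordered tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, image, action, path = line.split("|", 3)
        events.append((datetime.fromisoformat(ts), image, action, path))
    return sorted(events)

def locked_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return {process image: peak count of .locked writes inside one window}."""
    recent = defaultdict(deque)  # per-process timestamps still inside the window
    peak = {}
    for ts, image, action, path in events:
        if action not in ("create", "rename"):
            continue
        if not path.lower().endswith(LOCKED_EXT):
            continue
        q = recent[image]
        q.append(ts)
        while ts - q[0] > window:  # drop writes older than the window
            q.popleft()
        peak[image] = max(peak.get(image, 0), len(q))
    # A single .locked file can be benign (lock files), so require a burst.
    return {image: n for image, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for image, n in locked_bursts(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT {image}: {n} .locked files within {WINDOW.seconds}s")
```
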