ProposalCrypt Ransomware Overview[]
Security experts discovered a new threat known as the ProposalCrypt ransomware which is of unknown origin. At the moment of writing this article they have not been able to tell if this straiin is derived from a popular malware family or it is an independent creation.
The ProposalCrypt ransomware follows the usual behavior patterns. Upon infection it encrypts target user data using the AES cipher and then displays a ransomware note.
All affected files receive the .crypted extension.
ProposalCrypt Ransomware Note[]
!!!Warning Message!!!
We are sorry to say that your computer and your files have been encrypted but wait, don’t worry. There is a way that you can restore your computer and all of your files
To get your files fast, please transfer 1 Bitcoin to our wallet address
1Q6bd*****
and click “Check Wallet and Decrypt files” button.
Payment should be confirmed in about 2 hours after payment made.
—
Check Wallet and Decrypt files
—
How to buy Bitcoins?
Please check this website xxxxs://coinatmradar.com where you can find Bitcoin ATM all over the world.
ProposalCrypt Ransomware Affected Files[]
.001, .3fr, .7z, .accdb, .ai, .apk, .arch00, .arw, .asset, .avi, .bar, .bay, .bc6, .bc7, .big, .bik, .bin, .bkf, .bkp, .blob, .bsa, .c, .cab,
.cas, .cdr, .cer, .cfr, .class, .con, .cpp, .cpp, .cr2, .crt, .crw, .cs, .cs, .css, .csv, .d3dbsp, .das, .DayZProfile, .dbf, .db0, .dcr,
.der, .desc, .dmp, .dng, .doc, .docm, .docx, .dwg, .dxq, .epk, .eps, .erf, .esm, .exe, .ff, .flv, .forge, .fos, .fpk, .fsh, .gdb, .gho, .gif,
.h, .hkdb, .hkx, .hplg, .htm, .html, .hvpl, .ibank, .icxs, .im, .indd, .iso, .itdb, .itl, .itm, .iwd, .iwi, .jar, .java, .jpe, .jpeg, .jpg,
.js, .kdc, .kf, .layout, .lbf, .litemod, .lnq, .lrf, .ltx, .lvl, .m2, .m3u, .m4a, .map, .mcgame, .mcmeta, .mdb, .mdbackup, .mddata, .mdf,
.mef, .menu, .mlx, .mp3, .mp4, .mpq, .mpqge, .mrwref, .ncf, .nrw, .ntl, .odb, .odc, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pak,
.pdd, .pdf, .pef, .pem, .pfx, .pkpass, .png, .png, .ppt, .pptm, .pptx, .psd, .psk, .pst, .ptx, .py, .qdf, .qic, .r3d, .raf, .rar, .raw,
.re4, .rgss3a, .rim, .rofl, .rtf, .rw2, .rwl, .sav, .sb, .sb, .sc2save, .sid, .sidd, .sidn, .sie, .sin, .sis, .slm, .snx, .sql, .sr2, .srf,
.srw, .sum, .svg, .syncdb, .t12, .t13, .tax, .tor, .torrent, .ttarch2, .txt, .unity3d, .upk, .vdf, .vfs0, .vpk, .vpp_pc, .vtf, .w3x, .wb2,
.wma,.wmk, .wmo, .wmo, .wmv, .wotreplay, .wpd, .wps, .x3f, .xf, .xlk, .xls, .xlsb, .xlsm, .xlsx, .zip, .ztmp
ProposalCrypt Ransomware Distribution[]
ProposalCrypt ransomware strains are distributed mainly via infected binary files sent out through email spam messages, exploit kits, browser hijackers, malicious ads and etc.