Crash Ransomware

What is Crash Ransomware?

Crash Ransomware is a file-encrypting infection, and it was created for two reasons, which are to infect your system and present you with a message. The cybercriminals who stand behind this malware might use spam emails, bundled downloaders, and remote access vulnerabilities, among other security backdoors, to help this malware infiltrate your operating system without your notice. Once inside the system, the threat continues to hide itself so that it can encrypt files silently. Once files are encrypted, Crash Ransomware deletes itself. According to the research team, the infection might leave some components behind, and so it would be irresponsible to just ignore the attack once you discover the encrypted files. In fact, before you proceed with reading this report, we advise installing a free malware scanner that will determine if there is anything that you need to remove. To learn more about the threat, continue reading.

How does Crash Ransomware work?

According to our malware research team, Crash Ransomware was created using the Scarab Ransomware source code, which means that it comes from the same group of malware as Li Ransomware, Scarab-Apple Ransomware, MVP Ransomware, and many other infections. Of course, every threat from this family needs to be analyzed as an individual and unique threat. Based on our initial research, we can tell you that Crash Ransomware encrypts files in the %PROGRAMFILES(X86)% and %USERPROFILE% directories, as well as the %USERPROFILE%\Desktop and %USERPROFILE%\Contacts folders. If you have any personal files stored in these locations, they are encrypted, and the “.bin” extension is added to their names. For the most part, malicious file-encryptors add unique extensions so that victims can quickly recognize which files were encrypted. The attackers behind this malware do not care about your files, and they have used a complex encryption algorithm to change the data within them, which is why the files are unreadable after encryption.

In some cases, free decryptors are able to restore files, but, at the time of research, this was not an option for the victims of Crash Ransomware. Unfortunately, that can make the job of cybercriminals much easier, because if you are out of options, you might choose to follow the instructions that are presented via the “Напишите на почту -” file. This file is created on the Desktop, and the message inside informs you that you have to pay to have your files decrypted. The exact sum of the ransom is not revealed, but if you email the attackers, you are meant to be provided with the information you need. Unfortunately, the ransom note is intimidating, and victims are informed that their files would be deleted or that the ransom sum would increase significantly if they did not take action promptly. If you send a message to the attackers behind Crash Ransomware, they could flood you with spam and phishing emails. Of course, they would ask for money from you first, but if you pay the ransom, you are unlikely to get what you need. Due to this, we do NOT recommend emailing the attackers or paying the ransom.

How to delete Crash Ransomware

It is crucial to have backups of your personal files. Even if you do not face Crash Ransomware or another malicious file-encryptor in the future, there are plenty of other malicious infections that could harm your files. Also, you could lose your files if your computer gets stolen or if the hard drive is destroyed. Of course, not all backups are the same. It appears that the safest option is to use an external drive or cloud storage to save copies of your personal files. If you stick to internal backups, you could regret it because there are infections that are capable of destroying them. Hopefully, you can replace the corrupted files because we really do not think that the solution suggested by the attackers should be considered at all. Most likely, if you pay the ransom, you will end up wasting money without gaining anything in return. As for the removal, you already know that Crash Ransomware removes itself, but you still need to inspect your system. We advise employing automated anti-malware software. If there is anything that requires removal, it will be eliminated, and your system will gain reliable protection too.

Removal Instructions

  1. Check your system for ransomware-related files.
  2. If malicious files exist, right-click and Delete them.
  3. Right-click and Delete the Напишите на почту - file.
  4. Empty Recycle Bin and then immediately install a malware scanner.
  5. Scan the system and delete threats if they are found.
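
A read-only triage for step 1, as an added example that is not from the original article: it walks the locations the article lists, flags files whose names start with the ransom note's name, and separates `.bin` files that look encrypted from ordinary ones. The entropy threshold and the `triage` and `shannon_entropy` names are assumptions of this example; `.bin` is also a common legitimate extension, which is why the entropy check is there.

```python
import math
import os
from collections import Counter
from pathlib import Path

NOTE_PREFIX = "Напишите на почту"   # ransom note name given in the article
ENCRYPTED_EXT = ".bin"              # extension the article says is appended
# Locations the article lists; Desktop and Contacts sit under %USERPROFILE%.
DEFAULT_ROOTS = ["%PROGRAMFILES(X86)%", "%USERPROFILE%"]
ENTROPY_THRESHOLD = 7.5             # assumed cut-off in bits per byte, not from the article


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data, lower for text.
    Very small samples score lower even when the content is encrypted."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage(roots=None, sample_size=65536):
    """Return (ransom_notes, likely_encrypted, low_entropy_bin) as lists of paths.
    Nothing is modified or deleted; files are only listed and sampled."""
    notes, likely, benign = [], [], []
    for root in roots or [os.path.expandvars(r) for r in DEFAULT_ROOTS]:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = Path(dirpath) / name
                if name.startswith(NOTE_PREFIX):
                    notes.append(path)
                elif name.lower().endswith(ENCRYPTED_EXT):
                    try:
                        with open(path, "rb") as fh:
                            sample = fh.read(sample_size)
                    except OSError:
                        continue  # locked or unreadable file: skip it
                    high = shannon_entropy(sample) >= ENTROPY_THRESHOLD
                    (likely if high else benign).append(path)
    return notes, likely, benign


if __name__ == "__main__":
    found_notes, found_likely, found_benign = triage()
    for label, paths in (("ransom note", found_notes),
                         ("likely encrypted", found_likely),
                         ("low-entropy .bin", found_benign)):
        for p in paths:
            print(f"{label}: {p}")
```

High entropy alone does not prove encryption, since compressed archives score the same, so treat the "likely encrypted" list as candidates to compare against your backups.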
