Bitcoin Ransomware Education – CryptoGod

Some ransomware developers feel they are in a league above the rest. This is evident when looking at the name of some ransomware strains in circulation right now. CryptoGod is a clear example of how things are getting a bit out of hand. The developers also rename encrypted files to the “.payforunlock” extension. It is quite a deliberate ploy, but the question is whether or not one should even be concerned about this malware.

A Closer Look at the CryptoGod Ransomware

When security researchers first came across the CryptoGod ransomware sample, they were quite surprised. Not just because it uses one of the most deliberate names we have seen in the past few years, but also how it is based on a different recently discovered malware by the name of MoWare H.F.D. This particular malicious software has been in circulation since May of 2017 and has already made quite the name for itself.

It is believed the person – or group – responsible for creating CryptoGod are the same individuals deploying Zilla and KKK ransomware strains. The main objective is to test as many malware strains as possible and gradually introduce new features. Right now the developers seemingly focus on avoiding detection and spreading the virus to other users. This is rather common behavior among ransomware families these days. However, by introducing different features in different variations, the criminals increase their chances of being successful.

CryptoGod is a very credible threat to computer users around the world, to say the least. Everyone who uses a desktop or laptop computer should be making data backups as of right now. A lot of users still do not do so, and these are the ones who will be impacted the most by this ransomware if they ever get infected. It appears CryptoGod is more than capable of corrupting data when a payment is not made in time, which is a worrisome development.

Speaking of encrypting files, the CryptoGod ransomware uses its very own file extension. In fact, it is one of the more direct file extensions we have seen. Instead of appending the “cryptogod” extension, it uses the “payforunlock” file extension. It is evident the developers expect victims to just cough up the money if they want to restore file access. It does appear restoring data from a backup is possible, although future iterations of this ransomware may prevent this “easy” fix in the future.

In the ransom note, victims are asked to make a small payment of just 0.03 Bitcoin. That is awhole lot lower compared to some other types of ransomware we have seen in recent weeks. Lowering the payment amount often increases the odds of receiving a payment. However, there is no automated payment page, and users will need to email the criminals directly to make the payment and receive their decryption key.

For the time being, there is no free decryption tool available for CryptoGod. That is not surprising, as the number of new ransomware types is growing exponentially. However, with the opportunity to restore files from a backup, most victims will have nothing to worry about. The bigger question is how this malware will evolve over time, and what types of other features we can expect moving forward.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.