Bitcoin Ransomware Education – Cryptorbit

There are a fair few types of Bitcoin ransomwares which have gone by almost entirely unnoticed, yet that doesn’t mean they are less of a threat. Cryptorbit has never been the center of much media attention, even though this piece of malware was known under the alias of HowDecrypt as well. 

Also read: What Is a Bitcoin Block?

Cryptorbit Does Not Discriminate Based On File Type

Similar to just about any kind of Bitcoin ransomware to ever exist, Cryptorbit has one simple goal: infect as many computers around the world as possible and to encrypt any and all files on the host. Whereas most types of Bitcoin ransomware would target specific file extensions, this malware does not differentiate between files and just encrypted everything.

No version of Microsoft Windows was safe during it’s infection period, as Cryptorbit was targeting any operating system from Windows XP to Windows 8. Once a computer has been infected, the user is left with a text file containing instructions on how to proceed and get rid of the infection.

However, there is a twist to how Cryptorbit goes about encrypting the files on a computer. Instead of completely encrypting the file, the malware only replaces the first 512 bytes of the file and appending them to the end of the infected file. As a result, the files would become corrupted, making it all but impossible to recover files by recovering them with a backup.

Related Post

However, this method of infection was not the best choice, as it is rather easy to find a tool which will restore file headers to their original status. But that is not all, as the Bitcoin ransomware is also capable of creating dummy files on the device, and install a piece of Bitcoin mining software.

Installing this software would not only encrypt the files on a computer, but it would use up a lot of resources attempting to mine Bitcoin at the same time. Even though only the computer’s CPU cores would be taxed during this process, it can slow down the infected machine by quite a margin despite not generating much revenue at all.

As part of the repair process, users were redirected to a website using the Tor protocol where they would see further instructions on how to make the Bitcoin payment. In most cases, the ransom value was set at US$500, Unlike other types of Bitcoin ransomware, Cryporbit didn’t seem to increase the ransom value after a certain amount of time has elapsed.

Source: Bleeping Computer

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Crypto Whale Sparks 8x Surge In $OPK Price with Massive Buy-in

A mysterious crypto whale, who previously invested 9,600 SOL into tokens $Pnut and $FRED, has…

26 mins ago

Early ENS Investor Transfers $2.47M To Binance Amid Upcoming Token Unlocks

An early investor linked to the $ENS token recently transferred 154,000 ENS tokens, valued at…

29 mins ago

Wintermute’s Memecoin Strategy: BABYDOGE Ranks Among Top 3 Holdings

In a surprising turn, $BABYDOGE has climbed to the top three in Wintermute’s memecoin holdings…

36 mins ago

$Pnut’s Meteoric Rise: How A Tragic Squirrel Inspired A Memecoin Sensation

The $Pnut memecoin recently soared past a $120 million market cap, creating unexpected wealth for…

42 mins ago

Political Memecoins And High-Stakes Bets Surge As Election Approaches

With election season heating up, political memecoins like $PEOPLE, $MAGA, $HARRIS, and $TRUMP are surging.…

48 mins ago

TRX Price Prediction: Tron Network Fee Cut to Spark New ATH?

Back into Spotlight: Tron Network Fee Cut Could Push TRX to ATH, But This DeFi…

10 hours ago