Categories: Education, Ransomware

Bitcoin Ransomware Education – PSCrypt

Ukraine is now a hotbed for testing new types of ransomware. Several types of malware have attacked computers across the country over the past two months. One of those ransomware strains goes by the name of PSCrypt. Even though this malicious tool has been around for some time now, we still know very little about this threat.

PSCrypt Doesn’t Like Ukrainian Computer Users

Security researchers were quite surprised to discover yet another ransomware attack mainly targeting Ukrainian computer users. PSCrypt surfaced a few days before the global NotPetya attack took place. This malware was mainly targeting people in Ukraine, who made up close to 80% of all of its victims. Cyber warfare is taking different forms these days, and it seems Ukraine is attractive to criminals.

What makes PSCrypt so troublesome is how little public information there is on it. However, we know PSCrypt is based on the GlobeImposter 2.0 ransomware strain, which has been in circulation since early 2016. As the name suggests, GlobeImposter 2.0 was a global malware threat, as it targets computer users and corporate systems all over the world.

This is what sets PSCrypt apart from most other types of ransomware, as it only seems to target one country. Granted, there have been a handful of reports from other countries in the world, but they are very sporadic at best. Considering it was the third major cyber attack against Ukrainian computer users in a few weeks, it is clear something is going on behind the scenes.

As far as the distribution of PSCrypt goes, it seems to spread itself through unsecured Remote Desktop Protocol connections. Once the assailant gains access to an insecure system, they transmit a file containing the malware payload. Similar to virtually every other prominent type of ransomware in existence, PSCrypt will immediately encrypt all files on the computer. Some folders are exempt from the encryption process, including folder names with “Windows”, “Microsoft”, and “Temp”, among others.
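Because the entry point described above is Remote Desktop, one practical check is to review Windows Security logon events for RDP sessions opened from outside the network. The following Python sketch is an added example, not part of the original article; the CSV column names, the sample rows, the internal address ranges and the failure threshold are all assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample rows (not from a real incident), as exported from the Security log.
# Event 4624 = successful logon, 4625 = failed logon; LogonType 10 = RemoteInteractive (RDP).
# Failed RDP attempts often appear as LogonType 3 when NLA is enabled, so every 4625 is counted.
SAMPLE_CSV = """TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2017-06-20T02:11:04Z,4625,3,administrator,203.0.113.45
2017-06-20T02:11:09Z,4625,3,administrator,203.0.113.45
2017-06-20T02:11:15Z,4625,3,admin,203.0.113.45
2017-06-20T02:12:40Z,4624,10,admin,203.0.113.45
2017-06-20T08:30:12Z,4624,10,olena,10.20.0.17
2017-06-20T09:02:51Z,4624,2,olena,-
2017-06-20T09:15:00Z,4624,10,svc_backup,198.51.100.7
"""

# Assumption: these IPv4 ranges are "internal"; adjust to the real network plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_external(ip):
    """True if ip parses as an address outside every internal range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # "-" or empty: local/console logon, no source address
        return False
    return not any(addr in net for net in INTERNAL_NETS)

def find_external_rdp_logons(csv_text, fail_threshold=3):
    """Return successful RDP logons from external addresses, with prior failure counts."""
    failures = Counter()
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        ip = row["IpAddress"]
        if not is_external(ip):
            continue
        if row["EventID"] == "4625":
            failures[ip] += 1
        elif row["EventID"] == "4624" and row["LogonType"] == "10":
            findings.append({
                "time": row["TimeCreated"], "user": row["TargetUserName"], "ip": ip,
                "prior_failures": failures[ip],
                # Many failures followed by a success suggests a guessed password.
                "likely_guessed": failures[ip] >= fail_threshold,
            })
    return findings

if __name__ == "__main__":
    for finding in find_external_rdp_logons(SAMPLE_CSV):
        print(finding)
```

Any result at all means RDP is reachable from outside the listed ranges, which is the exposure to close first; the failure count only helps prioritise which sessions to investigate.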

PSCrypt has its own custom file extension, which is applied to all encrypted files. It also leaves a ransom note on the victim’s computer, which instructs users on how to make a Bitcoin payment to receive the decryption key. Interestingly, the note is written in Ukrainian, even though the malware’s source code contains an English version. It does not appear victims are asked to pay a fixed amount in Bitcoin, and the price will depend on how fast victims contact the assailants via email.

To make the Bitcoin payment, victims have to go through a more complex method than usual. Using a command-and-control server would have been much easier for both the assailants and their victims. It is unclear why they have not chosen this method, although we have seen other ransomware developers move away from using such a centralized point of failure over the past few weeks.


JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
