Our friend Larry Abrams at Bleepingcomputer alerted the world about a new strain of ransomware called DynA-Crypt that was put together using a malware creation kit by people that are not very experienced, but have a lot of destruction in mind.
Larry said: "DynA-Crypt was discovered by GData malware analyst Karsten Hahn that not only encrypts your data, but also tries to steal a ton of information from a victim's computer.
"Ransomware and information stealing infections have become all-to-common, but when you combine the two into the complete mess that DynA-Crypt is, you are just left with a big pile of steaming **** that just makes a mess of a victim's programs and data.
"The problem is that this ransomware is composed of numerous standalone executables and PowerShell scripts that just do not make sense in some of the actions they perform. It not only encrypts your files while stealing your passwords and contacts, but it also deletes files without backing them up anywhere."
A DynA-Crypt Infection Means A Full-blown Data Breach
While running, DynA-Crypt will take screenshots of your active desktop, record system sounds from your computer, log commands you type on the keyboard, and steal data from numerous installed programs like Skype, Chrome, Minecraft and many others. When stealing this data, it will copy it into a folder called %LocalAppData%\dyna\loot\, When it is ready to send to send to the developer, it will zip it all up into a file called %LocalAppData%\loot.zip, and email it to the developer.
The Ransomware Portion of DynA-Crypt can be Decrypted
The ransomware portion of DynA-Crypt is powered by a PowerShell script that uses a standalone program called AES to encrypt a victim's data. This script will scan a computer for files that match the following extensions and encrypt them.
When it encrypts a file it will append the .crypt extension to the encrypted file's name. That means a file named test.jpg would be encrypted and renamed as test.jpg.crypt. The ransomware will also delete the computer's Shadow Volume Copies so that you are unable to use it to recover files.
When done encrypting a computer, DynA-Crypt will display a lock screen asking you to pay $50 USD in bitcoins to an enclosed bitcoin address. Thankfully, at this time nobody has paid a ransom.
Get Your Decryptor At Bleepingcomputer
The good news is that this thing can be easily decrypted, so do not for any reason pay the ransom if you are infected with this program. If you need help with this ransomware, just leave a comment and a decryptor will be provided.
Decrypting the files in this case is not your major headache, the data breach is. Get your CEO Fraud Prevention Manual, which has the immediate steps you need to take in case of a data breach.
CEO Fraud Prevention Manual Download
CEO fraud has ruined the careers of many executives and loyal employees. Don’t be next victim. This brand-new manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.
PS: Don't like to click on redirected buttons? Copy and paste this link in your browser: