Crystal Ransomware Locks Data Using AES and RSA Encryption
Crystal Ransomware is an encryption Trojan targeting computer users in Europe and the United States. It spreads mainly via email phishing campaigns that trick victims into downloading the infection onto their computers. The spam email messages associated with Crystal Ransomware are disguised as messages from legitimate companies and websites, and they deliver a corrupted Microsoft Word file.
This file contains macro scripts written using the Microsoft .NET framework and can infect most versions of Windows, going back to Windows XP and Windows Vista. Crystal Ransomware uses a combination of the AES and RSA encryption algorithms. It marks encrypted files with the ‘.CRYSTAL’ file extension, which is appended to the end of each affected file’s name.
Once Crystal Ransomware encrypts a file, the file cannot be recovered without the attacker’s decryption key. Crystal Ransomware also adds 32 bytes to the header of each affected file, making the file slightly larger.
Crystal Ransomware targets various file types including the following:
.avi, .cdr, .css, .csv, .dat, .db, .dbf, .dbx, .docm, .doc, .docx, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, and .php.
Crystal Ransomware does not encrypt the files that Windows requires to function, since the computer needs them to keep working. Without them, the victim would not be able to contact the ransomware operators.
The best way to protect yourself from Crystal Ransomware is to leverage a reputable malware remediation tool. Users should also maintain offline backups of their files in the event they are infected.
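The ‘.CRYSTAL’ marker, the 32-byte header growth and the offline backups described above can be combined into a quick post-incident triage, shown here as an added example that is not part of the original article. The backup manifest format (original relative path mapped to size in bytes), the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

MARKER = ".crystal"   # extension appended to each encrypted file (from the article)
HEADER_BYTES = 32     # header growth reported in the article
# Subset of the targeted types listed in the article, enough for the demo.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".zip", ".py"}

def triage(root, backup_sizes=None):
    """Walk `root` and describe every file carrying the .CRYSTAL marker.

    backup_sizes: optional {relative original path: size in bytes} taken from
    an offline backup manifest (hypothetical format, assumed for this example).
    """
    backup_sizes = backup_sizes or {}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != MARKER:
                continue
            full = os.path.join(dirpath, name)
            original = os.path.relpath(os.path.join(dirpath, stem), root).replace(os.sep, "/")
            known = backup_sizes.get(original)
            delta = None if known is None else os.path.getsize(full) - known
            findings.append({
                "original": original,
                "targeted_type": os.path.splitext(stem)[1].lower() in TARGETED,
                "in_backup": known is not None,   # False means no clean copy to restore
                "size_delta": delta,
                # Padding behaviour is not documented, so accept >= 32 bytes.
                "size_consistent": delta is not None and delta >= HEADER_BYTES,
            })
    return sorted(findings, key=lambda f: f["original"])

def demo():
    """Build a constructed sample tree (placeholder bytes, not real samples)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        sample = {"docs/report.docx.CRYSTAL": 1032, "docs/notes.txt": 10, "photo.jpg.crystal": 500}
        for rel, size in sample.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(b"\0" * size)
        return triage(root, {"docs/report.docx": 1000, "docs/notes.txt": 10})

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Files reported with `in_backup` set to False are the ones the offline backup cannot restore, which is the gap worth closing before an incident.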