

CryptoShocker is a ransomware that infiltrates computers and encrypts stored files. 

Payload

This virus appends a .locked extension to the name of each encrypted file. Targeted file types include .jpeg, .doc, .mp3, and many others. After successfully encrypting the data, CryptoShocker creates a shortcut named ATTENTION.url that points to its Tor website and places it on the victim's desktop.
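The two on-disk indicators described above can be checked together during triage. This is an added example, not code from the original page: the function names are hypothetical, the shortcut is assumed to be a standard Windows Internet Shortcut with an [InternetShortcut] section and a URL= line, and the sample tree is constructed.

```python
import configparser
import os
import tempfile
from pathlib import Path

LOCKED_EXT = ".locked"       # extension named on this page
NOTE_NAME = "attention.url"  # shortcut named on this page, matched case-insensitively

def read_shortcut_url(path):
    """Return the URL= value of an INI-style .url shortcut, or None if unreadable."""
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(Path(path).read_text(encoding="utf-8", errors="replace"))
        return parser.get("InternetShortcut", "URL")
    except (configparser.Error, OSError):
        return None

def triage(root):
    """Collect *.locked files and ATTENTION.url shortcuts; flag a hit only if both appear."""
    report = {"locked": [], "notes": [], "by_dir": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(LOCKED_EXT):
                report["locked"].append(full)
                report["by_dir"][dirpath] = report["by_dir"].get(dirpath, 0) + 1
            elif name.lower() == NOTE_NAME:
                report["notes"].append((full, read_shortcut_url(full)))
    report["likely_hit"] = bool(report["locked"] and report["notes"])
    return report

def build_sample(root):
    """Constructed sample tree (placeholder files, not real malware output)."""
    files = {
        "Desktop/ATTENTION.url": "[InternetShortcut]\nURL=http://placeholder.invalid/\n",
        "Documents/report.doc.locked": "x",
        "Documents/photo.jpeg.locked": "x",
        "Documents/notes.txt": "untouched",
        "Music/song.mp3.locked": "x",
    }
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

The per-directory counts in `by_dir` show how far the encryption spread, and the `.locked` suffix alone is not treated as a hit because other software also uses it.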

The website contains a message stating that the victim's files have been encrypted. CryptoShocker employs an asymmetric AES encryption algorithm and, thus, public (encryption) and private (decryption) keys are generated during this process. Since decryption without the private key is impossible, developers of this ransomware attempt to sell the decryptor and private key to victims for $200. After paying the ransom, victims must refresh CryptoShocker's website and they will then supposedly be able to download the decryptor and private key. The ransom must be paid in Bitcoins (BTC).

Text presented on CryptoShocker's website:

Your files are currently locked. You must deposit the specified amount of Bitcoin into 
the address provided below.
Files have been encrypted and a .locked extension has been added. Your files are 
safe, only a decryption tool and key are required to regain access.
Payment Information
Please send $200 worth of Bitcoin to the following address:
1Kht9WjHZ2i2h9yfvLXt6Ari4wVCAfyLcP
Once payment has cleared this page will update to show the tool. Refresh the page or 
use the link on your desktop to gain access to your page.