

CryptoWire is a ransomware trojan that runs on Microsoft Windows. It is distributed for free on GitHub as a ransomware 'proof of concept'; even so, a working version of CryptoWire was easy to download and deploy.

CryptoWire is offered for 'educational' purposes. This supposedly educational approach has failed numerous times before with other, similar threats, which were simply adapted by con artists to carry out attacks on unsuspecting computer users.

Payload

CryptoWire uses AES-256 to encrypt the victim's files, preventing them from accessing their data. It skips the following directories when encrypting the victim's computer:

  • AppData
  • ProgramData
  • Program Files
  • Program Files (x86)
  • Windows

CryptoWire encrypts all files on the victim's computer: files on every local drive, on removable storage connected to the infected computer, and in network and shared folders. This makes CryptoWire substantially more threatening than many ransomware Trojans that lack this reach. It encrypts everything, without exception, as long as the file is not inside one of the folders listed above. CryptoWire also takes steps to make its damage permanent: it deletes all shadow volume copies and backup images and overwrites them ten times, so they cannot be recovered. This is a considerably thorough attack for a ransomware Trojan that supposedly functions only as a 'proof of concept.'

Unlike many other ransomware Trojans, CryptoWire does not change the extension of the files it encrypts. It sends information about the attack to a remote server. It also corrupts the boot file, preventing startup repair and allowing CryptoWire to run automatically when Windows starts. CryptoWire displays the following message in an error message:
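Because the file extension is left unchanged, a responder cannot simply list renamed files to see what was hit; the usable signals are a file whose extension promises a known header that is now missing, and the near-maximal byte entropy that AES output has and ordinary documents do not. The following triage helper is an added example written for this article, not CryptoWire's code and not taken from the GitHub project; it assumes only what the page states (AES-256, unchanged extensions, the five skipped directories above). The magic-number table, the entropy threshold and the sample files are constructed for the example.

```python
"""Post-incident triage: find files that were likely encrypted in place.

Added example, not CryptoWire's code. Assumes the behaviour the page
describes: AES-256 output, original extension kept, five directories skipped.
"""
import math
import os
from collections import Counter

# Directory names the page reports CryptoWire leaves untouched (compared case-insensitively).
SKIPPED_DIRS = {"appdata", "programdata", "program files", "program files (x86)", "windows"}

# Magic numbers for a few common formats (constructed for this example; extend as needed).
KNOWN_MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
}

ENTROPY_THRESHOLD = 7.5   # bits per byte; AES ciphertext sits close to 8.0
MIN_SIZE = 64             # below this, an entropy estimate is too noisy to trust


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def in_skipped_dir(rel_path: str) -> bool:
    """True if any directory component of rel_path is one CryptoWire is said to skip."""
    parts = rel_path.replace("\\", "/").split("/")[:-1]
    return any(p.lower() in SKIPPED_DIRS for p in parts)


def classify(rel_path: str, data: bytes) -> str:
    """Return 'skipped', 'intact' or 'suspicious' for one file.

    A file whose header still matches its extension is intact even if it is a
    compressed format with naturally high entropy. Otherwise the entropy test
    decides, which also covers extensions with no known header.
    """
    if in_skipped_dir(rel_path):
        return "skipped"
    ext = os.path.splitext(rel_path)[1].lower()
    magic = KNOWN_MAGIC.get(ext)
    if magic is not None and data.startswith(magic):
        return "intact"
    if len(data) < MIN_SIZE:
        return "intact"   # too small to judge; list separately if it matters
    return "suspicious" if shannon_entropy(data) >= ENTROPY_THRESHOLD else "intact"


def flag_encrypted_files(files: dict) -> list:
    """files maps a relative path to its leading bytes; returns the suspicious paths, sorted."""
    return sorted(p for p, data in files.items() if classify(p, data) == "suspicious")


def scan_tree(root: str) -> list:
    """Walk a real directory (e.g. a mounted forensic image) and flag files.

    Only the first 4 KiB of each file is read; that is enough for both tests.
    """
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    files[os.path.relpath(full, root)] = fh.read(4096)
            except OSError:
                continue
    return flag_encrypted_files(files)


# Constructed sample "disk" for a stand-alone run; contains no real victim data.
# bytes(range(256)) * 4 has every byte value equally often, i.e. entropy 8.0,
# and stands in for ciphertext.
SAMPLE = {
    "Users/alice/Documents/report.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >>\n" * 10,
    "Users/alice/Documents/notes.txt": b"Quarterly numbers look fine.\n" * 8,
    "Users/alice/Documents/budget.xlsx": bytes(range(256)) * 4,
    "Users/alice/Documents/photo.jpg": b"\xff\xd8\xff\xe0" + bytes(range(256)) * 4,
    "Windows/System32/drivers/etc/hosts": bytes(range(256)) * 4,
}

if __name__ == "__main__":
    for path in flag_encrypted_files(SAMPLE):
        print("suspicious:", path)
```

Run against `SAMPLE`, only `budget.xlsx` is reported: the PDF and JPEG still carry their headers, the text file has low entropy, and the file under `Windows` is in a directory the trojan skips. On a real image, point `scan_tree` at the mount point and treat the output as a starting list for restore-from-backup decisions, not as proof; compressed formats without an entry in `KNOWN_MAGIC` will also score high and need a header added to the table.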
