FANDOM


NETCrypton is an encryption ransomware Trojan that spreads as a key generator for the Data Recovery Wizard, a program that is developed by EaseUS. NETCrypton targets victims that are not willing to pay for legitimate backup tools and instead try to find pirated solutions to gaining access to this software kind specifically.

NETCrypton functions like most encryption ransomware Trojans, taking the victim's files hostage and then demanding payment of a ransom from the victim in exchange for the decryption key necessary to restore the affected files.

Payload

NETCrypton Ransomware, before its attack, delivers the following dialog box:

ARE YOU SURE YOU WANT TO EXECUTE THIS RANSOMWARE?
[OK|Button] [NO|BUTTON]

If computer users choose 'No,' then NETCrypton is deactivated, and it will no longer carry out its attack. Choosing 'OK' triggers NETCrypton's attack, and this Trojan will encrypt the victim's data using a strong encryption algorithm. NETCrypton targets a wide variety of file types in its attack, searching for the user-generated files, which can include media files and a variety of documents. The following file types are some of the ones that are targeted by NETCrypton attack and similar infections:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, 
.cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, 
.h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, 
.mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, 
.ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, 
.svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, 
.xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

NETCrypton runs on infected computers as 'EaseUSDataRecovery.exe.' The NETCrypton Ransomware uses a strong encryption method that makes it impossible to restore the files encrypted by NETCrypton attack. NETCrypton marks the files encrypted by the attack by adding the file extension '.encrptd' to each affected file's name. NETCrypton changes the infected PC's desktop image into a black screen with a red text after encrypting the victim's files. In this message, NETCrypton delivers the following text:

Community content is available under CC-BY-SA unless otherwise noted.