- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
We want to warn our Spanish-speaking readers that there is a new ransomware-type computer infection called Cryptoshadow Ransomwar. It is distributed both in Europe and South America and you can fall victim to this malicious application if you do not protect your PC with an anti-malware program. A good anti-malware application can stop this infection dead in its tracks and remove it without difficulty. However, if you do not have such an application, then your computer can get infected with this ransomware, and if it gets onto your computer, then it will encrypt many of your files and target your personal files specifically.
Similarly to Kaandsona Ransomware, Mns Cryptolocker Ransomware, Firecrypt Ransomware, and many others, Cryptoshadow Ransomware is disseminated secretly via email spam. Dissemination via email spam involves placing either the primary executable or a dropper executable in a .zip archive and disguising it as legitimate files of some nature. The text of the email can insist that it is an invoice or a document of some nature that features a double file extension to pretend that it is an MS Word or PDF file. If you open the attached file, it will download and drop this ransomware on your PC instantly.
If Cryptoshadow Ransomware were to get onto your computer, it will run automatically and connect to its command and control server immediately. Then, it will scan your PC for files of interest and begin encrypting them. Our research has revealed that this ransomware uses the AES encryption algorithm to encrypt your files. This particular algorithm ensures a strong encryption, so decrypting your files is not an easy task. It requires a dedicated decryption tool and key, and if you want to get it, you have to pay an unspecified sum of money to this ransomware’s developers. A free decryption tool for this particular malware has not been created yet, but it might be in the near future. While encrypting your files, this ransomware will append them with either a “.exit” or “.doomed” file extension.
Once the encryption process is complete, this ransomware will drop a file named LEER_INMEDIATAMENTE.txt which is a text file. It features a note in the Spanish language. It says that your files were encrypted, but does not provide information on how you can pay the ransom to decrypt your files, but we do not recommend paying the ransom because you might not receive the promised decryption tool and key.
In concussion, Cryptoshadow Ransomware is a typical ransomware-type program that is dedicated to encrypting your files. However, it does not provide users with the instructions on how to pay the ransom. In fact, its note does not demand that you pay anything. It might be a beta version, or its developers just want to cause you problems and encrypt your files for laughs. Either way, you should try to save the important files that were encrypted in the event a free decryption tool is released. In the meantime, we recommend that you remove Cryptoshadow Ransomware using an anti-malware application because its main executable is dropped in a random location in each case and the name of the executable is random as well.