Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Crash Ransomware

Did you find the suspicious “.bin” extension appended to your personal files, and now they cannot be read normally? If you did, Crash Ransomware might be the infection you have to blame. This dangerous threat is a file-encryptor, and it was designed to ruin your day. This malicious threat can encrypt personal files, and if it succeeds at that, the attackers behind it can demand a huge ransom payment in return for a tool that, allegedly, would restore them instantly. Needless to say, trusting cybercriminals is not what you want to do, and so you have to be extremely cautious about how you look at the solution presented by them. In the eyes of our research team, this solution is not real and should not be considered at all. Of course, you have to decide what you want to do for yourself, and if you want to learn more before you make decisions, you are reading the right report. Hopefully, by the time you are done reading, you will know how to remove Crash Ransomware and also secure your system.

The Scarab Ransomware family is ever-growing, and Crash Ransomware belongs to it along with Li Ransomware, Rsalive Ransomware, Scarab-Apple Ransomware, and many other dangerous threats that encrypt files. The unique thing about Crash Ransomware is that it appears to be targeted at Russian-speaking Windows users. The ransom note that is delivered via the file named “Напишите на почту - bin420@cock.li” is in Russian. You should be able to find this file on the Desktop, and even though it was created by cybercriminals, it is safe for you to open it before deleting it. In fact, this file might be the only component left after the files are encrypted. That is because the infection should automatically remove itself once the files in %USERPROFILE%, %USERPROFILE%\Desktop, %USERPROFILE%\Contacts, and %PROGRAMFILES(X86)% directories are scrambled. The text file with the ransom note inside is the most important file after the executor, which is the file that the attackers have no use for once the damage is done. The ransom note file, on the other hand, can help attackers reach their ultimate goal.

Using the ransom note, the attackers behind Crash Ransomware are trying to convince victims that they need to act in a certain way. The “ВАШИ ФАЙЛЫ ЗАШИФРОВАНЫ!” message informs that personal files were encrypted and that 24 of these files will be deleted every 24 hours if you do not pay the ransom. Every 24 hours for three days, the sum of the ransom is meant to increase by 30% as well. Unfortunately, we do not know how small or big this ransom might be for you because the attackers can instruct you to pay a random sum. They instruct you to email bin420@cock.li to obtain this information, and that gives the attackers a chance to personalize their demands. Although the ransom message claims that successful recovery of files is guaranteed, we really cannot know how cybercriminals would act once they received the payment. More likely than not, they would stop communicating with you, and you would never get the decryptor that you need to restore files.

Although free Crash Ransomware decryptors did not exist at the time of research, and the solution presented by the attackers is unlikely to be legitimate, you might be able to replace the corrupted files with backups. We hope that that is the case. If backups were not created, make it a habit of yours to backup every single file from now on. It is also a good idea to create backups outside the computer because internal backups are not always the most reliable. Of course, replacing files or worrying about backups should come after you delete Crash Ransomware. Even though it should remove itself, we cannot guarantee that the aggressive ransom note file will be the only component left behind. If you install a legitimate anti-malware program now, your system will be protected, and any malicious files and components that might exist will be removed automatically. We suggest employing this tool even if you are 100% sure that your operating system is now malware-free.

Crash Ransomware Removal

  1. Delete malicious files (random names and could be located anywhere).
  2. Delete the ransom note file named Напишите на почту - bin420@cock.li.
  3. Empty Recycle Bin to complete the task.
  4. Install and run a trusted malware scanner and erase any leftover threats if they are found.
Download Spyware Removal Tool to Remove* Crash Ransomware
  • Quick & tested solution for Crash Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.