Crypren

One example of the Crypren variant.

Image Source: malwarefixes

Crypren targets both Windows OS and Linux distributions based on Debian and spreads via phishing emails and infected PDF, DOC, and ZIP files. It uses a combination of AES-256 and RSA-2048 encryption and appends all encrypted files with the extension .ENCRYPTED. At this time, Crypren does not damage or delete Shadow Volume Copies so it may be possible to restore data from these sources if infected with this variant. It demands a ransom payment of 0.1 Bitcoin.

  • Enigma Software provides more information about Crypren here.
     
  • A decryption tool for Crypren is available on GitHub here.