Crypton targets Windows OS and is distributed via a generic malware dropper. Once the dropper delivers the malware to the targeted system, it unpacks and installs crypton.exe, which alters the Windows registry to establish and maintain persistence. Crypton then encrypts files using the AES+RSA method. It appends _crypt to the original name of each encrypted file but keeps the original file extension (e.g., image_crypt.jpg). The ransom payment demand observed in samples is between 0.2 and 2 Bitcoin.

  • Bleeping Computer provides more information about Crypton here.
  • The NJCCIC is not aware of any decryption tools available for Crypton.
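
The renaming behavior described above can be used as a detection signal. The following is an added example, not part of the original profile: it flags processes that rename several files to `<name>_crypt.<same extension>`. It assumes file-activity telemetry that records each rename as an old/new path pair; the event layout, the threshold and the sample events are all constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

MARKER = "_crypt"  # appended to the file name, per the profile above
THRESHOLD = 3      # assumed alerting threshold: matching renames per process


def is_crypt_rename(old_path, new_path):
    """True if new name is '<old stem>_crypt<same extension>' in the same folder."""
    old, new = PureWindowsPath(old_path), PureWindowsPath(new_path)
    return (
        old.parent == new.parent  # PureWindowsPath compares case-insensitively
        and old.suffix.lower() == new.suffix.lower()
        and new.stem.lower() == (old.stem + MARKER).lower()
    )


def detect(events, threshold=THRESHOLD):
    """Return {(host, pid): [renamed paths]} for processes at or above threshold."""
    hits = defaultdict(list)
    for host, pid, old, new in events:
        if is_crypt_rename(old, new):
            hits[(host, pid)].append(new)
    return {proc: paths for proc, paths in hits.items() if len(paths) >= threshold}


# Constructed rename events (host, pid, old path, new path); not real telemetry.
SAMPLE_EVENTS = [
    ("WS01", 4120, r"C:\Users\a\Pictures\image.jpg", r"C:\Users\a\Pictures\image_crypt.jpg"),
    ("WS01", 4120, r"C:\Users\a\Docs\budget.xlsx", r"C:\Users\a\Docs\budget_crypt.xlsx"),
    ("WS01", 4120, r"C:\Users\a\Docs\notes.txt", r"C:\Users\a\Docs\notes_crypt.txt"),
    # Same process, but the new name does not follow the _crypt pattern.
    ("WS01", 4120, r"C:\Users\a\Docs\report.docx", r"C:\Users\a\Docs\report_final.docx"),
    # A lone matching rename stays below the threshold and is not reported.
    ("WS02", 988, r"C:\Users\b\keys.txt", r"C:\Users\b\keys_crypt.txt"),
]

if __name__ == "__main__":
    for (host, pid), paths in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {host} pid={pid}: {len(paths)} files renamed with {MARKER}")
```

Requiring the extension and folder to stay unchanged, plus a per-process count, keeps a single user-initiated rename that happens to end in `_crypt` from raising an alert.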

One example of the Crypton variant. Image Source: PCRisk