CryptoWire targets Windows OS and is currently being distributed via GitHub as an open-source “advanced proof of concept” ransomware variant. It is written in the AutoIt scripting language and uses AES-256 encryption to lock files under 30 MB found on hard drives, USB drives, network drives, network shares, and cloud storage applications. CryptoWire deletes all Shadow Volume Copies and overwrites any content still in the Windows Recycle Bin to prevent the victim from restoring any files without paying the ransom. It adjusts the ransom payment demand based on whether or not the infected system is part of a domain. Since the code for CryptoWire is publicly available, security researchers have begun to see new variants based on this code, including Lomix and UltraLocker.
- Bleeping Computer provides more information about CryptoWire here.
- The NJCCIC is not currently aware of any decryption tools available for CryptoWire.