One example of the DecryptorMax variant.

Image Source: PcVirusLab

DecryptorMax, also known as CryptInfinite, targets Windows OS and spreads via malicious Word documents masquerading as resumes in spam emails. The infection occurs when a recipient opens the attached file and enables the macros. Files locked by DecryptorMax display .crinf as the file extension. Additional capabilities include deleting all Shadow Volume Copies and disabling Windows Startup Repair. DecryptorMax changes the victim’s desktop wallpaper to an image of the ransom note. Payment is accepted via PayPal MyCash voucher codes.

  • Bleeping Computer provides more information on DecryptorMax, found here.
  • Emsisoft offers a decryption tool for files encrypted by DecryptorMax, available here.