DecryptorMax, also known as CryptInfinite, targets Windows OS and spreads via malicious Word documents masquerading as resumes in spam emails. The infection occurs when a recipient opens the attached file and enables the macros. Files locked by DecryptorMax display .crinf as the file extension. Additional capabilities include deleting all Shadow Volume Copies and disabling Windows Startup Repair. DecryptorMax changes the victim’s desktop wallpaper to an image of the ransom note. Payment is accepted via PayPal MyCash voucher codes.