Petronella Blog Archive

Visit our New Blog

Lazy Ransomware

Blog Post

A new strain of ransomware has been discovered, but fortunately for those affected, it’s not particularly sophisticated, so victims should be able to remove it without having to pay the hackers responsible. That said, you never know what could be hidden in the code, so it will take time to be completely sure.

Going by the name CryptoHost, this new bit of malware allegedly encrypts your data then demands .33 bitcoins ($140) to unlock them. Here’s the catch, it doesn’t actually do that. Apparently the hackers were lazy, instead of actually encrypting a victim’s files, it copies them into a password protected RAR archive

The good news is that since the password is relatively easy to discover and CryptoHost doesn’t use a Command and Control server, there is a work around to get your files back. Essentially, all you need to do is stop the cryptohost.exe file from running using Windows Task Manager and unzip the RAR file. After that, run MalwareBytes to scrub the ransomware from your hard drive.

If you need help removing CryptoHost or are worried you might be at risk of being taken advantage of by ransomware, download the free Ransom Protection Checklist or sign up to receive it by mail. If you find that you might be at risk, schedule a free 10 minute Ransomware Safety Review.