Spike in Crowti ransomware incidence noticed by Microsoft

Microsoft has warned of a spike this month in the number of infections caused by Crowti ransomware, driven by a renewed malicious email campaign. Microsoft says that thousands of Windows users have been affected by this ransomware, which spreads through spam emails and infects Windows PCs by encrypting their files. The ransomware then demands payment to unlock the files.


The United States has been the most affected country, accounting for 71 percent of the total infections. Australia, Canada and France are also affected, with 11 percent, 6 percent and 3 percent of infections respectively.

Beware of suspicious emails: it could be Crowti ransomware!

Urging caution when opening suspicious emails, Microsoft said that Crowti ransomware is mostly spread through spam email campaigns and exploits. If an infection succeeds, it can leave files inaccessible, which is especially damaging for enterprises, where important documents and sensitive information could then be at the mercy of the attackers.

Users should guard against opening email attachments or links from untrusted sources. Attackers will usually try to imitate regular business transaction emails such as fax, voice mails, or receipts. If you receive an email that you’re not expecting, it’s best to ignore it. Try to validate the source of the email first before clicking on a link or opening the attachment, said Microsoft.

Below are some common attachment names distributed via the spam campaigns, which ask users to click on them:

  • VOICE<random numbers>.scr
  • IncomingFax<random numbers>.exe
  • fax<random numbers>.scr/exe
  • fax-id<random numbers>.exe/scr
  • info_<random numbers>.pdf.exe
  • document-<random numbers>.scr/exe
  • Complaint_IRS_id-<random numbers>.scr/exe
  • Invoice<random numbers>.scr/exe

These attachments are circulated mostly inside ZIP archives. Clicking or opening them will launch the malware. Apart from spam emails, Crowti ransomware is also distributed via exploit kits such as Nuclear, RIG, and RedKit V2, or installed by other malware such as Upatre, Zbot, and Zemot.
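As an added example (not code from Microsoft or from the original article), the following Python sketch shows how a mail filter could flag ZIP attachments whose member names match the patterns listed above. Treating `<random numbers>` as one or more digits, the list of decoy extensions, and all function names are assumptions made for illustration.

```python
import io
import re
import zipfile

# Name patterns taken from the list above; "<random numbers>" is modelled as \d+.
LURE_NAME = re.compile(
    r"^(?:VOICE|IncomingFax|fax(?:-id)?|info_|document-|Complaint_IRS_id-|Invoice)"
    r"\d+(?:\.pdf)?\.(?:scr|exe)$",
    re.IGNORECASE,
)
# Assumption: any of these extensions inside a mailed archive is worth flagging.
EXECUTABLE_EXT = (".scr", ".exe")
# Assumption: document-style extensions commonly used as the decoy half of a name.
DECOY_EXT = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt")


def classify_name(name):
    """Return a list of reasons the file name looks like a lure (empty if none)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    lower = base.lower()
    reasons = []
    if LURE_NAME.match(base):
        reasons.append("matches-listed-name")
    if lower.endswith(EXECUTABLE_EXT):
        reasons.append("executable-extension")
        stem = lower.rsplit(".", 1)[0]
        if stem.endswith(DECOY_EXT):
            reasons.append("double-extension")
    return reasons


def scan_zip(data):
    """Map each suspicious member of a ZIP attachment (bytes) to its reasons."""
    findings = {}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                reasons = classify_name(member)
                if reasons:
                    findings[member] = reasons
    except zipfile.BadZipFile:
        findings["<archive>"] = ["unreadable-zip"]
    return findings


def build_sample_zip(names):
    """Constructed test input: a ZIP whose members hold harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder")
    return buf.getvalue()
```

The extension check catches executables that do not use one of the listed names, so a renamed lure in the same style is still flagged.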


Protection measures

Microsoft advises that backing up your files and keeping security products and other applications up to date could minimize the threat. Microsoft also encourages users to join the Microsoft Active Protection Service Community (MAPS). Data gathered from MAPS is used to create better detections and to respond quickly to a threat. The feature is enabled by default for Microsoft Security Essentials and Windows Defender for Windows 8.1.

You might want to take a look at how to stay protected and secured against ransomware.

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. He enjoys following and reporting Microsoft news and developments in the world of Personal Computing & Social Media.
