SuperCrypt Ransomware

SuperCrypt Ransomware is a malicious infection that targets Windows servers running the Windows 2003 or Windows Server operating system. This malicious program encrypts sensitive files and then demands a ransom fee. If infected users pay the designated sum of money, SuperCrypt Ransomware promises to decrypt the affected files. The main problem with this infection is that users do pay the ransom fee, because servers often contain crucial files that they cannot afford to lose. On top of that, there is no way to remove SuperCrypt Ransomware manually because it disappears once it has encrypted the files.

Where does SuperCrypt Ransomware come from?

Our security researchers have found that SuperCrypt Ransomware spreads through requests to the open default RDP port 3378. It manages to do that after using terminal exploits. This allows us to assume that the computers affected by SuperCrypt Ransomware are hacked manually by the cybercriminal himself.

The infection takes place through Terminal Services or a Remote Desktop client. Most computer security applications are said to be unable to detect and terminate SuperCrypt Ransomware because the installer files for this program are removed from the affected computers once the encryption process is complete.

What does SuperCrypt Ransomware do?

As mentioned above, SuperCrypt Ransomware enters the target system to encrypt sensitive files. This infection seems to target mostly users in Europe, as the current ransom fee is 300 Euro. The fee has to be transferred via Ukash vouchers or by sending one Bitcoin (if a user happens to have one).

The difference between SuperCrypt Ransomware and other similar ransomware applications is that users who have suffered from this infection and paid the ransom fee were able to get their files back. Once the ransom fee is transferred, SuperCrypt Ransomware sends back a decryption program that decrypts the files.

It is easy to determine whether the system has been infected with SuperCrypt Ransomware because, upon infection, the ransomware program sends the following message:

If you’re reading this text file, then ALL your FILES are BLOCKED with the most strongest military cipher.

All your data – documents, photos, backups – everything is encrypted.

The only way to recover your files – contact us via supercrypt@mailer9.com
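
Because the installer removes itself, the text file carrying this message is the main artifact left on disk. The following sketch is an added example, not part of the original article or of any vendor tool: it walks a directory tree, finds small files containing the markers quoted above, and reports each file's modification time to help date the encryption. The function names and the 64 KB size cap are assumptions, and a scan that finds no note does not prove a server is clean.

```python
import os
import sys
from datetime import datetime, timezone

# Markers copied from the ransom note quoted above; compared in lower case.
CONTACT = "supercrypt@mailer9.com"
PHRASES = ("all your files are blocked", "everything is encrypted")
MAX_NOTE_BYTES = 64 * 1024  # assumption: the note is a small text file

def decode_note(raw: bytes) -> str:
    """Decode file bytes, covering the encodings Windows editors usually write."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    odd = raw[1:64:2]  # BOM-less UTF-16LE text has NUL in every second byte
    if odd and odd.count(0) * 2 > len(odd):
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def match_note(text: str) -> list:
    """Return the markers present in text; an empty list means no match."""
    lowered = " ".join(text.lower().split())  # collapse newlines and spacing
    hits = [p for p in PHRASES if p in lowered]
    if CONTACT in lowered:
        hits.insert(0, CONTACT)
    return hits

def scan_tree(root: str) -> list:
    """Return (path, modified time in UTC, markers) for each suspected note."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_NOTE_BYTES:
                    continue
                with open(path, "rb") as fh:
                    hits = match_note(decode_note(fh.read()))
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
            if hits:
                when = datetime.fromtimestamp(mtime, tz=timezone.utc)
                findings.append((path, when.isoformat(), hits))
    return findings

if __name__ == "__main__":
    for path, when, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{when}  {path}  markers={hits}")
```

Run it against each data volume or a mounted backup; the earliest timestamp among the hits gives a starting point for reviewing remote-logon records from the same period.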

How to deal with SuperCrypt Ransomware?

Unfortunately, computer security applications do not seem to be able to detect and remove SuperCrypt Ransomware in time. If you do not have a backup version of your files, chances are that you will have to pay for the decryption program because it appears to work.

What is more, since the SuperCrypt Ransomware infection seems to be carried out manually, there may not be much you can do to protect your system once it becomes a direct hacker target. However, it would still be a good idea to implement all the basic computer security measures to avoid SuperCrypt Ransomware.
