CRYPSPORT Ransomware Information

    • Updated: 5 Dec 2019
    • Product/Version:
      • Apex One 2019
      • Deep Discovery Email Inspector 3.5
      • Deep Discovery Inspector 5.5
      • Deep Security 12.0
      • InterScan Messaging Security Suite 9.1
      • InterScan Messaging Security Virtual Appliance 8.5
      • InterScan Web Security Virtual Appliance 6.5
      • OfficeScan XG
      • ScanMail for Exchange 14.0
      • Worry-Free Business Security Standard 10.0
    • Platform:
Summary

The CRYPSPORT ransomware appears to be targeted at corporations rather than individual users and may be leveraging networks that have already been compromised. Information about this ransomware is limited at this time; this article will be updated as more becomes available.

Capabilities

  • File Encryption

Infection Chain

[Figure: infection chain diagram]

Infection Routine

Target Extension:

  • It encrypts all files in the system as well as files found on the following drives:
    • Fixed Drives
    • Removable Drives
    • Network Drives
  • It avoids encrypting the following file types:
    • .arp
    • .exe
    • .dll
    • .sys
    • .vxd
    • .ini
    • .lnk
    • .msi
    • .cab
  • It avoids encrypting files found in the following folders:
    • windows
    • microsoft
    • trend
    • edr
    • kaspersky
    • app
    • mcafee
    • office
    • google
    • netlogon
  • It drops the following file as a ransom note:
    • {all encrypted path}\ReadMeAndContact.txt
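
The targeting rules above (drive-wide encryption, the skipped extensions and folders, and a ReadMeAndContact.txt note in every encrypted directory) can be turned into a triage check for a responder. The following is an added example, not Trend Micro's code or the malware's; it assumes a folder-name match on any path component counts as "found in" that folder, and it runs against a constructed sample tree rather than real infection data.

```python
import os
import tempfile

SKIPPED_EXTENSIONS = {".arp", ".exe", ".dll", ".sys", ".vxd",
                      ".ini", ".lnk", ".msi", ".cab"}
SKIPPED_FOLDERS = {"windows", "microsoft", "trend", "edr", "kaspersky",
                   "app", "mcafee", "office", "google", "netlogon"}
NOTE_NAME = "readmeandcontact.txt"  # ReadMeAndContact.txt, matched case-insensitively

def classify(rel_path):
    """Classify one file path (relative to the scanned root) against the article's rules."""
    parts = rel_path.replace("\\", "/").lower().split("/")
    if parts[-1] == NOTE_NAME:
        return "note"
    # Assumption: a matching path component means the file is "found in" that folder.
    if any(p in SKIPPED_FOLDERS for p in parts[:-1]):
        return "skipped-folder"
    if os.path.splitext(parts[-1])[1] in SKIPPED_EXTENSIONS:
        return "skipped-ext"
    return "in-scope"

def triage(root):
    """Walk root; return (dirs holding a ransom note, in-scope files, skipped files)."""
    notes, in_scope, skipped = [], [], []
    for dirpath, _, files in os.walk(root):
        for f in files:
            rel = os.path.relpath(os.path.join(dirpath, f), root)
            kind = classify(rel)
            if kind == "note":
                notes.append(os.path.dirname(rel))
            elif kind == "in-scope":
                in_scope.append(rel)
            else:
                skipped.append(rel)
    return sorted(notes), sorted(in_scope), sorted(skipped)

def build_sample_tree(base=None):
    """Constructed sample tree (not real infection data) for a dry run."""
    base = base or tempfile.mkdtemp()
    for rel in ["Finance/Q3.xlsx", "Finance/ReadMeAndContact.txt",
                "Windows/System32/drivers/etc/hosts", "Tools/setup.exe",
                "Users/bob/notes.docx", "Users/bob/ReadMeAndContact.txt"]:
        p = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        open(p, "w").close()
    return base

if __name__ == "__main__":
    print(triage(build_sample_tree()))  # (note dirs, in-scope files, skipped files)
```

Directories listed under notes are where encryption occurred, and files reported as skipped are the ones this family leaves untouched, so they are not evidence of a successful recovery.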

Ransom note:

[Figure: ransom note screenshot]

Details

File Reputation

Detection Name                                          Pattern branch/version
Ransom.Win32.CRYPSPORT.A                                ENT OPR 15.505.00
Ransom.Win32.CRYPSPORT.B                                ENT OPR 15.505.00
Ransom.Win32.CRYPSPORT.C                                ENT OPR 15.505.00
Ransom.Win32.CRYPSPORT.B.note                           ENT OPR 15.505.00
Ransom.Win32.CRYPSPORT.A.SM (One to Many detection)     ENT OPR 15.505.00

Predictive Machine Learning

Detection Name                                          Pattern branch/version
Rapid Proliferation                                     In-the-cloud

Rapid Proliferation is a mechanism that detects suspicious files whose spread exceeds the proliferation threshold by attaching a "Bad Rating" to the suspicious sample.

Behavior Monitoring

Policy ID                                               Pattern branch/version
RAN4056T – Generic DEL Shadow Copy commands             BM OPR 1.907
(supported by ADC, Access Document Control)

Sandbox Solution

Detection Name                                          Pattern branch/version
VAN_RANSOMWARE                                          Sandbox Behavior

Recommendations
