CryptoWire Ransomware: Attacks, Abuses, and Persists on Schedule Tasks

1 min read


  • CryptoWire ransomware, built with AutoIt scripting language, is spreading through phishing emails.
  • The ransomware includes the decryption key within its code, making file recovery complex.

According to AhnLab security researchers, the ransomware installs itself in a common location to ensure persistence, schedules tasks to maintain its presence, and encrypts files on local networks. Encrypted files are renamed with the “.encrypted” extension, and a log file is saved on the desktop. The malware deletes shadow copies and demands a ransom for decryption. Users should exercise caution when opening unknown files and use anti-malware software for protection. Stay updated on cybersecurity news and follow GBHackers On Security.

Recently, other threats like a Trojan downloader and ransomware have been detected, along with multiple IoCs that could identify malicious files. Immediate action is required to remove this malware and protect systems. Users can access a collection of cybersecurity tools on the GBHackers website for enhanced security measures.

Previous Story

AT&T files leaked online; over 70M+ records exposed by criminals

Next Story

Learn to safeguard your online identity with our complimentary workshop

Latest from News

US sanctions Kaspersky Lab for Russia ties

TLDR: The Biden administration announced sanctions against 12 executives and senior leaders of Kaspersky Lab, a Russia-based cybersecurity company. The Commerce Department banned Kaspersky