GetCrypt is a new ransomware strain that is being distributed through malvertising campaigns. Victims are first either sent a spam email or redirected to a malicious site. Malicious scripts on the site then try to exploit vulnerabilities on the user’s system. If the ransomware is successfully downloaded, it immediately starts scanning files on the user’s system. Notably, if GetCrypt detects that the victim’s computer language is set to Ukrainian, Belarusian, Russian or Kazakh, it terminates immediately; otherwise, it starts encrypting files on the infected computer. The ransomware then creates a ransom note named “# decrypt my files #.txt”, which demands that the user contact “email@example.com” for payment instructions. GetCrypt also attempts a brute-force attack on the user’s network in order to infect other computers.