[ Qrypt ransomware ]
[Virus/Malware Activity Report: Qrypt Ransomware]
A security breach believed to involve Qrypt ransomware has occurred. This report
confirms the situation and provides the following warning.
Qrypt Ransomware
The ransomware in question is called Qrypt and appears to rename every file it encrypts to <file name.extension.qrypt>.
How it works
File version
[Figure 1 Ransomware executable file compiler information]
[Figure 2 File information in window properties]
Ransomware operation characteristics
Qrypt is C++-based ransomware. It checks for specific services and running processes related to data (SQL, etc.) and backups, then forcibly stops the services and terminates the processes. To make data recovery difficult after encryption, it deletes shadow copies and deletes all contents of the Recycle Bin without displaying a message.
[Figure 3 Checking and stopping specific services]
[Figure 4 Checking whether a specific process is running and forcing its termination]
[Figure 5 Deleting shadow copies]
[Figure 6 Deletion of Recycle Bin contents without message output]
Infection results
The guidance file <Readme How to Recover.txt> is created in each folder, and encrypted files are renamed to <file name.extension.qrypt>.
[Figure 7 Infection results]
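The infection results above give two artifacts that can be checked on disk. The following triage script is an added example, not code from the original report or from White Defender: it walks a directory tree, flags folders that hold the guidance file or `.qrypt` files, and recovers the pre-encryption file names. Only the note name and the extension come from the report; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

NOTE_NAME = "readme how to recover.txt"  # guidance file name from the report
ENC_SUFFIX = ".qrypt"                    # appended extension from the report


def triage(root):
    """Walk root and summarise Qrypt infection artifacts per folder."""
    report = {"folders": {}, "original_exts": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        note = False
        encrypted = []
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == NOTE_NAME:
                note = True
            elif lower.endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                original = name[: -len(ENC_SUFFIX)]  # name before encryption
                encrypted.append(original)
                ext = os.path.splitext(original)[1].lower() or "(none)"
                report["original_exts"][ext] += 1
        if note or encrypted:
            report["folders"][os.path.relpath(dirpath, root)] = {
                "note": note,
                "encrypted": sorted(encrypted),
            }
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "docs": ["Readme How to Recover.txt", "budget.xlsx.qrypt", "plan.docx.qrypt"],
        "db": ["README HOW TO RECOVER.TXT", "sales.mdf.qrypt"],
        "clean": ["notes.txt"],
        "partial": ["photo.jpg.qrypt"],  # encrypted file present, note missing
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for folder, info in sorted(result["folders"].items()):
            print(folder, info)
        print(dict(result["original_exts"]))
```

A folder with `.qrypt` files but no guidance file, like `partial` in the sample, may indicate encryption that was interrupted and is worth examining first. The per-extension counts show which data types to prioritise when restoring from backup.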
White Defender compatible
White Defender blocks the ransomware's malicious actions and supports real-time automatic restoration of files that were about to be encrypted before the block.
[Figure 8 Block message]