Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


New SuperCrypt Ransomware appears to be distributed via hacked Terminal Services

  • Please log in to reply
2 replies to this topic

#1 Grinler


    Lawrence Abrams

  • Admin
  • 43,640 posts
  • Gender:Male
  • Location:USA
  • Local time:11:31 AM

Posted 21 October 2014 - 01:22 PM

For the past week we have had reports of a new Supercrypt ransomware that appears to be affecting European computers. This ransomware will scan a computer's local and mapped drives and encrypt any data files that it finds. Any files that are encrypted by this infection will have their extension changed to .SUPERCRYPT. A ransom note called HOW-TO-DECRYPT-FILES.txt will also be placed on the desktop, which contains instructions to send an enclosed unique code and an encrypted file to the email address supercrypt@mailer9.com. Victims who have performed these steps have received a reply by the developer that included a decrypted version of the file and instructions on how to pay the ransom. The current price of the ransom is 300 Euros and can be paid in the form of Ukash vouchers or by sending 1 bitcoin. Victims who have paid the ransom were sent a decryption program that was able to decrypt their files.



Early reports indicate that computers infected by the SuperCrypt ransomware are being manually hacked by the malware developer via Remote Desktop or Terminal Services. Once the computer is hacked, the malware dev will run a password protected installer that performs the encryption. Once the encryption is done, the hacker will remove the installers from the computer.

There are numerous researchers analyzing the samples and encrypted files. As more information is discovered we will update this topic. We also have a dedicated support topic, which can be found here: SuperCrypt Ransomware Support Topic

BC AdBot (Login to Remove)


#2 GT500


    Authorized Emsisoft Representative

  • Security Colleague
  • 137 posts
  • Gender:Male
  • Location:Fortville, Indiana, USA
  • Local time:11:31 AM

Posted 21 October 2014 - 01:47 PM

Thanks for the info Lawrence. :wink:

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...



  • Members
  • 1 posts
  • Local time:04:31 PM

Posted 24 January 2015 - 11:39 AM

Someone finds a decrytor for this ramsonware? A customer is infected and I am studing the possiblities for not pay.

Thanks a lot

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users