CryptoNar Ransomware Discovered and Quickly Decrypted

Haythem Elmir

This week a new CryptoJoker ransomware variant was discovered called CryptoNar that has infected victims. The good news, is that a free decryptor was quickly released so that these victims can get their files back for free.

This ransomware was first discovered by MalwareHunterTeam and at first glance it looks like a ransomware with little to no distribution. While I would normally not write about ransomware like these, it was later learned that this ransomware had encrypted close to 100 victims.


The good news is that Michael Gillespie was quick to create a free decryptor for this ransomware so victims can get their files back for free.

The CryptoNar Ransomware

When the CryptoNar, or Crypto Nar, Ransomware encrypts a victims files it will perform the encryption differently depending on the type of file being encrypted.

If the targeted file has a .txt or .md extension, it will encrypt the entire file and append the .fully.cryptoNar extension to the encrypted file’s name. All other files will only have the first 1,024 bytes encrypted and will have the .partially.cryptoNar extensions appended to the file’s name.

Files encrypted by CryptoNar
Files encrypted by CryptoNar

When done encrypting the files, it then the sends public/private key pair to the attacker via email.

Send keys via SMTP
Send keys via SMTP

CryptoNar will then drop a ransom note named CRYPTONAR RECOVERY INFORMATION.txt that asks the victim to send $200 in bitcoins to the enclosed bitcoin address. When sending the coins, the attacker instructs the victim to enter their email address and listed ID in the « extra note » field of the bitcoin transaction.

Ransom Note

A decryptor will then be launched and waits for the victim to enter a private key they would supposedly get after paying the ransom.

Crypto Nar Version 1.0

It is not known if the attacker will actually try and help a victim after they pay, but at this point it does not matter as there is a free decryptor available. [..]

To read the original article:


Laisser un commentaire

Next Post

Cobalt cybercrime gang targets Russian and Romanian banks

On August 13, ASERT observed the Cobalt crime gang actively pushing a new campaign aimed at institutions in eastern Europe and Russia. Security experts from Netscout’s ASERT uncovered a new campaign carried out by the Cobalt cybercrime group. The attacks were detected on August 13, 2018, experts revealed that the hackers targeted also the NS Bank […]