Crone Ransomware Brings More Threats To The Cyber Landscape
Table of Contents
What Is Crone Ransomware?
Crone ransomware is a malicious program designed to encrypt data and extort money from its victims. Crone has been observed encrypting files on infected systems and appending a unique ".crone" extension to each one. For example, a file named "photo.jpg" would be altered to "photo.jpg.crone" following encryption.
After completing its encryption process, Crone drops a ransom note named How To Restore Your Files.txt on the victim's system. This note, written in both English and Russian, informs users that their files are now inaccessible and that existing backups have been deleted. The message then demands a payment of 0.006 Bitcoin—roughly $570 USD at the time of writing—in exchange for the decryption key.
Here's what the ransom note says:
--------------- Hello ---------------
!!!IMPORTANT !!!
###################################
# you Decryptor ID is : - #
###################################Your computers and servers are encrypted, and backups are deleted.
We use strong encryption algorithms, so no one has yet been able to decrypt their files without our participation.The only way to decrypt your files is to purchase a universal decoder from us, which will restore all the encrypted data and your network.
Follow our instructions below, and you will recover all your data:
1) Pay 0,006 bitcoin to 1E6cvG6iEbufvYspsDa3XQ3WJgEMvRTm9i
2) Send us a message with your Decryptor ID and transaction ID at babuckransom@tutanota.com
3) Launch decryptor.exe, which our support will send you through emailWhat guarantees?
------------------
We value our reputation. If we will not do our work and liabilities, nobody will pay us. This is not in our interests.
All our decryption software is tested by time and will decrypt all your data.
------------------!!! DO NOT TRY TO RECOVER ANY FILES YOURSELF. WE WILL NOT BE ABLE TO RESTORE THEM!!!
--------------- Привет ---------------
!!!ВАЖНО!!!
###################################
# товй Decryptor ID : - #
###################################Ваши компьютеры и серверы шифруются, а резервные копии удаляются.
Мы используем надежные алгоритмы шифрования, поэтому никто еще не смог расшифровать свои файлы без нашего участия.Единственный способ расшифровать ваши файлы - это приобрести у нас универсальный декодер, который восстановит все зашифрованные данные и вашу сеть.
Следуйте нашим инструкциям ниже, и вы восстановите все свои данные:
1) Переведите 0,006 биткоина на 1E6cvG6iEbufvYspsDa3XQ3WJgEMvRTm9i
2) Отправьте нам сообщение с вашим Decryptor ID и с идентификатором транзакции по адресу babuckransom@tutanota.com
3) Запустите decryptor.exe, который наша служба поддержки отправит вам по электронной почтеКакие гарантии?
------------------
Мы дорожим своей репутацией. Если мы не выполним свою работу и обязательства, нам никто не заплатит. Это не в наших интересах.
Все наши программы для расшифровки проверены временем и расшифруют все ваши данные.
------------------!!! НЕ ПЫТАЙТЕСЬ ВОССТАНОВИТЬ КАКИЕ-ЛИБО ФАЙЛЫ САМОСТОЯТЕЛЬНО. ИНАЧЕ МЫ НЕ СМОЖЕМ ИХ ВОССТАНОВИТЬ!!!
What Ransomware Programs Do
Ransomware like Crone functions by locking users out of their files through complex encryption. Once a system is infected, users are instructed to pay a ransom, usually in cryptocurrency, to supposedly regain access to their data. These programs often disguise themselves as ordinary files or legitimate software, tricking users into launching the malware unknowingly.
It's important to point out that paying the ransom does not guarantee file recovery. Cybercriminals frequently take the money and disappear, leaving victims with no recourse. Moreover, paying only fuels the illegal operations behind these schemes, incentivizing further attacks and perpetuating the cycle of digital extortion.
The Demands and the Danger
In the case of Crone, victims are specifically warned not to attempt decrypting the files on their own, as doing so may make recovery permanently impossible. This is a common intimidation tactic used by ransomware operators to pressure victims into compliance. The ransom amount—though comparatively small compared to some high-profile attacks—is still a significant sum, especially given the uncertainty of data recovery.
Like most ransomware, Crone cannot be removed without consequences. Even if the malware itself is deleted from the system, the encrypted files will remain locked unless the proper decryption key is used. Without a backup, victims often find themselves with no viable option other than starting over from scratch or taking the risk of paying the ransom.
How Ransomware Spreads
Like many ransomware strains, Crone is distributed using various deceptive methods. These include phishing emails with malicious attachments or links, bundled software installers from unreliable sources, and fake updates or software cracks. Common file types used to spread malware include executables (.exe), compressed files (.zip or .rar), Office documents, and even PDFs.
Once executed, ransomware begins its attack silently, encrypting files and disabling system features like restore points or backups to prevent easy recovery. In some cases, ransomware can even propagate itself across local networks or removable drives, turning one infected machine into a gateway for a wider outbreak.
Defending Against Ransomware
The most effective defense against ransomware like Crone is prevention. Users are advised to back up important files regularly and store those backups in secure, isolated locations such as unplugged external drives or remote servers. Relying solely on cloud-based services or system restore functions is risky, as some ransomware is programmed to disable or encrypt those as well.
In addition to backups, users should practice cautious online behavior. Avoid opening suspicious emails or clicking unfamiliar links. Download software solely from trusted sources and keep systems and applications updated using official tools. Businesses, in particular, should implement network segmentation and employee training programs to lower the risk of widespread infection.
Bottom Line
Crone ransomware represents just one of many emerging threats in the ransomware landscape. Like its counterparts—such as Warning, RESOR5444, and Gunra—Crone uses fear and urgency to manipulate its victims. However, despite the pressure tactics and often convincing ransom notes, security experts continue to emphasize that paying ransoms is both unreliable and unethical.
As ransomware continues to evolve, so too must our defenses. Through a combination of smart digital hygiene, regular backups, and user education, individuals and organizations alike can protect themselves from becoming the next victim of ransomware like Crone.
