CrySpheRe Ransomware Uses Russian in Ransom Note
CrySpheRe is a new variant of the Xorist ransomware family.
CrySpheRe works the same as every other recent Xorist clone. It will encrypt the target system, leaving almost every file scrambled. Affected file types include media files, executables, documents and archives.
Once files get encrypted, they receive a new extension in the form of ".CrySpheRe". This will make a file called "image.png" into "image.png.CrySpheRe" once it has been encrypted.
The ransomware delivers its ransom demands inside a file that contains English text but has a Russian file name, called "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt", or "How to decrypt files". The full ransom note is as follows:
All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted.
What can I do to get my files back? You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.The price for the software is $30.
Contact for buying decryption software: march20222021 at proton dot me
The same text is displayed inside a pop-up window that shows up when encryption finishes.