Crypt888 Ransomware

Crypt888, also known as Mircop, is ransomware that encrypts files on desktops, downloads, pictures, and documents with RSA algorithms. The virus locks the encrypted files by prefixing them with the file extension “lock.” Once encryption is complete, the malware changes the victim’s desktop wallpaper and displays a ransom note to decrypt the files.

What Is Crypt888 Ransomware?

Crypt888 was first detected in 2016. Hackers use spam emails containing a .zip file or word document and file-sharing software to distribute the virus. The main purpose behind the Crypt888 attack is to make money, as it demands a ransom ranging between 0.8 and 48.48 Bitcoin to decrypt the files. Although the virus has introduced different variants over time, almost all variants look identical except in their user interface and communication language, and some of them are still alive.

Types of Crypt888 Ransomware

The variants of Crypt888 ransomware include the following:


Mircop is the initial version, and it’s used to change the desktop wallpaper with an anonymous mask on black background. A ransom note accompanies the change of wallpaper and states that the victim has stolen some money from the wrong people, and they need to return it. 


Aviso is a Brazilian version and is identical to Mircop in all aspects except language. Aviso demands a payment of 2,000 Brazilian reals to decrypt the files. Though the virus is dangerous, the encrypted files can retrieve by using the Crypt888 decryptor tool.

Crypt888 (Italian version)

Researchers hope that the Italian version of Crypt888 was a test version, as it is found rarely. The virus leaves no more information regarding encryption and payment.

Crypt888 (Portuguese version)

It’s a lock-screen variant that demands a payment within 36 hours to avoid permanent destruction of the victim’s files. However, victims can use the Crypt888 decryptor tool to encrypt files without paying the demanded ransom. 


The Zuahahhah version can delete email accounts and files in infected systems. Affected users should try to remove the virus from the computer as soon as possible and restore files with the Crypt888 decryptor.

The virus uses the email address to contact victims and asks them to pay 0.8 BTC for decrypting files. A free decrypting tool is available for victims to decrypt the files encrypted by this version.

What Was the Impact?

Crypt888 focuses primarily on individuals and small- and medium-sized manufacturing companies in Brazil, Portugal, and Italy. These countries share similarities in language, culture, and industrial behavior that prompted attackers to focus on these victims as a collective group.

How Did the Attack Work? 

The Crypt888 virus infiltrates targeted systems through malicious emails containing a ZIP file that pretends to be sent from a reputed bank, medical institution, Microsoft, or other renowned company. When the user opens the file, the system automatically downloads an executable that uses Visual Basic Script developed by Microsoft to run the Crypt888 virus in memory.

After successful activation, the virus can begin to encrypt files and add Lock. to the file name. Then the virus changes the desktop wallpaper and displays a ransom note demanding a ransom in BTC to decrypt the files.

What Is the Cure for Crypt888 Attacks?

It’s highly recommended that victims of the attack not follow the hackers’ instructions on how to pay the ransom and decrypt their files. Use either automatic Crypt888 removal tools or follow one of the below methods to remove the virus:

What Can Users Do to Prevent a Crypt888 Attack?

Businesses and individuals must follow the best security measures to prevent ransomware attacks. Here are some important prevention steps:

Read next: Best Ransomware Protection Solutions

Siji Roy
Siji Roy
Siji Roy specializes in technology, finance, and content marketing. She helps organizations to communicate with their target audience. She received her Master’s degree in Communication and Journalism from the University of Calicut, India. She is fortunate to be married to a lovely person and blessed with three naughty boys.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

Symmetric vs Asymmetric Encryption

What are the differences when comparing symmetric vs asymmetric encryption? Does one approach work better than the other, or do they work best when...


wirelessThe term WPA2-PSK refers to Wi-Fi Protected Access 2—Pre-Shared-Key or WPA2-Personal, which is used to protect network access and data transmission by using an...

REvil Ransomware

REvil was a Ransomware-as-a-service (RaaS) ransomware attack that affected a number of larger corporations and famous individuals. Read this article to learn more about...

Colonial Pipeline Ransomware Attack

The Colonial Pipeline Ransomware Attack was a major ransomware attack perpetrated against the oil and gas company, Colonial Pipeline, in 2021. Learn more about...


ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...


Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...