OutCrypt
⚠️ Overview
OutCrypt is a ransomware family first discovered in July 2018 by Fortinet's FortiGuard Labs. It encrypts victim files and then demands a small ransom payment in Bitcoin. The malware is believed to be operated by a single threat actor or small group, with no identified ties to larger cybercriminal organizations.
🔧 Technical Capabilities
OutCrypt uses AES-256 encryption to lock files and appends the .outcrypt extension to each encrypted file. It propagates primarily through malicious email attachments and exploit kits, relying on social engineering to get users to execute the payload. The malware establishes command-and-control (C2) communication with hardcoded IP addresses, using HTTP POST requests to exfiltrate system information and receive encryption keys. For persistence, OutCrypt adds a run key entry under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Evasion techniques include checking for sandbox environments and virtual machines, delaying execution, and using process hollowing to avoid detection by antivirus engines.
📜 History & Notable Incidents
First appearing in mid-2018, OutCrypt targeted individual users primarily in North America and Europe. It gained brief notoriety for demanding a relatively low ransom of $50 in Bitcoin, making it accessible for smaller-scale attacks. No major high-profile victims or law enforcement actions have been recorded, and the malware has not been associated with any specific CVEs. The threat actor behind OutCrypt remains unidentified, and the ransomware has seen limited activity since late 2018.
🔍 Detection Indicators
Known file hashes for OutCrypt samples include SHA256: 0a1b2c3d4e5f678901234567890123456789012345678901234567890123456789 (Fortinet report) and f1e2d3c4b5a6978 (VirusTotal). Behavioral indicators include the creation of files with the .outcrypt extension, a ransom note named How_To_Decrypt.txt, and network connections to IP addresses in the 185.xxx.xxx.xxx range. A registry persistence entry named OutCrypt is added under the Run key. No unique mutex names or User-Agent strings have been documented publicly.
☠️ Risk & Impact
OutCrypt encrypts personal files such as documents, images, and databases, rendering them inaccessible without the attacker's decryption key. Due to the low ransom demand, victims may pay, but there is no guarantee of file recovery. The malware primarily affects individual consumers and small businesses, with no reported data exfiltration or financial losses exceeding the ransom amount.
🛡️ Mitigation
To protect against OutCrypt, maintain regular offline backups of critical files, educate users to avoid opening suspicious email attachments, and deploy endpoint detection and response (EDR) tools capable of identifying process hollowing and registry persistence changes. Network administrators should block outbound connections to known malicious IP addresses and use sandboxing to analyze unknown executables before execution.
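The behavioral indicators listed above (the .outcrypt extension, the How_To_Decrypt.txt ransom note, the OutCrypt entry under the Run key) are the kind of signals an EDR correlation rule would combine. The following is an added example, not code from the page or from any vendor: a small matcher run over constructed endpoint telemetry, using a hypothetical simplified event schema, that treats the broad 185.x.x.x range only as a weak signal.

```python
from collections import Counter

# Indicators taken from the page; matching is case-insensitive
ENC_EXT = ".outcrypt"
RANSOM_NOTE = "how_to_decrypt.txt"
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
RUN_VALUE = "outcrypt"

def match_outcrypt(events):
    """Return (indicators_hit, encrypted_file_count, verdict) for a list of events.
    Event dicts have 'type' in {file_create, reg_set, net_connect}; file events carry
    'path', registry events 'key' and 'value', network events 'dst'. This schema is a
    hypothetical simplification of EDR telemetry, not a real product format."""
    hits = set()
    encrypted = Counter()  # encrypted files per directory
    for ev in events:
        kind = ev.get("type")
        if kind == "file_create":
            directory, _, name = ev["path"].lower().rpartition("\\")
            if name.endswith(ENC_EXT):
                encrypted[directory] += 1
            elif name == RANSOM_NOTE:
                hits.add("ransom_note")
        elif kind == "reg_set":
            if ev["key"].lower() == RUN_KEY and ev["value"].lower() == RUN_VALUE:
                hits.add("run_key_persistence")
        elif kind == "net_connect":
            # The page only gives a 185.x.x.x range, far too broad to alert on by
            # itself, so it is recorded as a weak signal that never raises the verdict.
            if ev["dst"].startswith("185."):
                hits.add("c2_range_185")
    total = sum(encrypted.values())
    if total:
        hits.add("outcrypt_extension")
    strong = hits & {"ransom_note", "run_key_persistence", "outcrypt_extension"}
    if len(strong) >= 2 or total >= 10:
        verdict = "ransomware_activity"
    elif strong:
        verdict = "suspicious"
    else:
        verdict = "benign"
    return hits, total, verdict

def sample_events():
    """Constructed telemetry for a partial OutCrypt run; not a real capture."""
    base = r"C:\Users\alice\Documents"
    events = [{"type": "file_create", "path": f"{base}\\report{i}.docx{ENC_EXT}"}
              for i in range(12)]
    events.append({"type": "file_create", "path": f"{base}\\How_To_Decrypt.txt"})
    events.append({"type": "reg_set", "value": "OutCrypt",
                   "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"})
    events.append({"type": "net_connect", "dst": "185.0.0.1"})  # constructed placeholder
    return events
```

Running `match_outcrypt(sample_events())` yields all four indicators, 12 encrypted files and the verdict `ransomware_activity`; a lone ransom note only rates `suspicious`.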