- Home
- Detectable Ransomware
- CryptConsole-2018
Ransomware Research
CryptConsole-2018 Ransomware
CryptConsole-2018 is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on April 1, 2018, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: CryptConsole-2-2018, CryptConsole-3-2018-2021.
Quick Facts
- Ransomware Family
- CryptConsole-2018
- First Seen
- April 1, 2018
- Known Aliases
- CryptConsole-2-2018CryptConsole-3-2018-2021
How CryptConsole-2018 Ransomware Works
Targeted Files
redbul@tutanota.com_31332D5573696E675F506F776572706F696E742E707074 {mail}_{filename in hex}+ https://www.bleepingcomputer.com/forums/t/608858/id-ransomware-identify-what-ransomware-encrypted-your-files/page-71#entry5178754
Ransom Note and Payment Demands
After encrypting files, CryptConsole-2018 displays ransom notes demanding payment for file recovery:
HOW DECRIPT FILES.hta
Ransom message:
notes/HOW DECRIPT FILES.hta
Note locations:
EveryFolder
README.hta
README.txt
Ransom message:
notes/README.txt
Note locations:
EveryFolder
FILE DECODER.txt
Ransom message:
notes/FILE DECODER.txt
!!ReadmeForHelp!!.txt
Ransom message:
notes/!!ReadmeForHelp!!.txt
Technical Indicators
Associated Executable Files
The following executable files are associated with CryptConsole-2018 ransomware:
smsss.exe
HEUR.Trojan-Ransom.Win32.Generic.c35506bd3fedad57e7f1ea975ebcaec5.exe
myfile.exe
ransomware
sequre@tuta.io_736D7373732E657865
xzet@tutanota.com_736D7373732E657865
smss.exe
Crypt_Console.exe
crypt_console.exe
crypt.exe
!xzer@tutanota.com_736D7373732E657865
zizz@tutanota.de_736D7373732E657865
zizz@tutanota.exe.bin
smsssA.exe
systemA.exe
GitHub Desktop
afmPECYzE.bin
sample.exe
Microsoft Updater.exe
Microsoft Updater 4.exe
Microsoft Lan Updater 4.exe
Elastio Can Help You
Don't let CryptConsole-2018 ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This CryptConsole-2018 ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like CryptConsole-2018.
Last updated: July 30, 2025