- Home
- Detectable Ransomware
- Decr1pt
Ransomware Research
Decr1pt Ransomware
Decr1pt is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on July 1, 2020, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Decr1pt, TinyCryptor, Anti-Russian, CorpVPM, OldGremlin.
Quick Facts
- Ransomware Family
- Decr1pt
- First Seen
- July 1, 2020
- Known Aliases
- Decr1ptTinyCryptorAnti-RussianCorpVPMOldGremlin
How Decr1pt Ransomware Works
Targeted Files
Chain -> LNK -> DOCX -> POWERSHELL e9b2d76f4a15a41b190fe444c3ef60bc2c320fa53ad1dd224e22ab06702ce86c -> POWERSHELL
Ransom Note and Payment Demands
After encrypting files, Decr1pt displays ransom notes demanding payment for file recovery:
/^README_[a-z0-9]{12}\.txt$/
Ransom message:
notes/README_ma3byib38w8s.txt
Note locations:
Desktop
RootDiscs
Temp
Technical Indicators
Associated Executable Files
The following executable files are associated with Decr1pt ransomware:
N-388-30.06.2020.docx.lnk
AKT-FinAuditService.docx.lnk
АктСверки.zip
Запрос.zip
Elastio Can Help You
Don't let Decr1pt ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Decr1pt ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Decr1pt.
Last updated: July 30, 2025