Cryptedpay

Description

CryptedPay is a standalone ransomware strain, observed around early 2025, that encrypts files using AES-256 and appends the .CRYPTEDPAY extension. Victims receive a ransom note (README.txt), have their desktop wallpaper changed, and are instructed to pay approximately $280 in Monero (XMR). The ransomware imposes a 62-hour deadline and threatens permanent file loss if the ransom is not paid.

External Analysis
https://www.pcrisk.com/removal-guides/21736-cryptedpay-ransomware
https://www.enigmasoftware.com/cryptedpayransomware-removal/
Mail
ranshelp@tutanota.com