A helpdesk should assist victims of the UltraCrypter / CryptXXX ransomware when they encounter problems when making payments or when they are unable to decrypt files. UltraCrypter is the successor to the CryptXXX ransomware.
The first two versions of the ransomware were cracked by security researchers but for the latest version there is no free decryption tool. Users without a backup that want their files back only have the option to pay. However some victims were unable to make payments and some complained that the decryption software they received from the cybercriminals didn't work.
Therefore the criminals decided to open a helpdesk where CryptXXX and UltraCrypt victims are assisted in resolving their issues. The website is hosted on the Tor network at eqyo4fbr5okzaysm.onion. Users normally have to make their payment through this page, but it now also has an additional tab. This is called 'helpdesk' and contains a contact form where users can describe their problem.
The criminals only provide support in English, users that don't speak (sufficient) English are directed to Google Translate.
