Cry9 Ransomware

Posted: April 5, 2017

Threat Metric

Ranking: 17,356
Threat Level: 10/10
Infected PCs: 77
First Seen: April 5, 2017
Last Seen: October 3, 2023
OS(es) Affected: Windows

The Cry9 Ransomware is a new version of the Crypton Ransomware. Both Trojans use file encryption to lock your local files and extort Bitcoin payments. If you fail to prevent this threat from encrypting your PC's media, free decryptors or uninfected backups can mitigate the cost of a full recovery. As with similar threats able to damage the contents of your PC, malware experts recommend blocking and deleting the Cry9 Ransomware by default with any good anti-malware product.

Double the Bits for Double the Problems

One of the weaknesses of a classic file-encrypting Trojan is the possibility that a third party breaks its encryption algorithm, which would allow victims to recover without beseeching the threat actor for aid. Some threats of this category mislabel their algorithms as being stronger than they are, while others may use virtually unbreakable encoding techniques. Then there's the Cry9 Ransomware, which uses a primitive but potentially viable way of increasing the difficulty of any decryption attempts.

Malware experts are verifying that the Cry9 Ransomware is a derivative of the earlier Crypton Ransomware, which previously targeted Russian and English speakers. The Cry9 Ransomware, instead, seeks ransoms from Portuguese-speaking victims such as Brazilians. The Cry9 Ransomware encrypts your files with a variant of AES to block them and creates a text message insisting on Bitcoin payments to restore the original data.

What makes the Cry9 Ransomware most unusual is its new encryption changes, which use a radically different variant of AES that bases the key size on 512 bits. The threat actor appears to have assumed that doubling the standard of AES-256 would result in twice as much security against decryption attempts. While this isn't entirely accurate, the update is sufficient, for the time being, to keep the Cry9 Ransomware safe from the freeware decryptor released for the Crypton Ransomware in March.

Keeping Crooks Crying about Missing Money

The Cry9 Ransomware shows few ransoming components in common with its originator software, the Crypton Ransomware, and may be under new management, which is typical of the RaaS industry. The 0.5 Bitcoin (equal to 566 USD) ransoms of this threat, while not cheap, are most closely aligned with the low end of extortion cyber attacks, which try to compromise casual PC users instead of the business sector. Infection vectors that malware experts have recently seen in use by threats of the Cry9 Ransomware's type include e-mail attachments, corrupted website scripts, and deceptively named downloads.

Any individuals seeking decryption solutions may wish to contact researchers in the anti-malware sector with prior experience with the Crypton Ransomware family, which is decryptable. However, malware analysts recommend regularly backing up files to remote devices or servers, which is the only certain way of containing the data loss caused by most file-encrypting Trojans. In either situation, reversing the Trojan's payload is also less safe than blocking and deleting the Cry9 Ransomware with any preemptive anti-malware security features.

Con artists are working to harden the Cry9 Ransomware's attacks against the known security solutions that let victims evade their ransom demands. In just the same way, you should continually update your data storage and PC security to keep new releases of old threats unprofitable.