
CryForMe Ransomware

Posted: June 15, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 2
First Seen: June 15, 2017
OS(es) Affected: Windows

The CryForMe Ransomware is a Trojan that displays threatening messages asking you to pay money to unlock the files that it encrypts. The CryForMe Ransomware infections may or may not include actual data-locking attacks, and malware experts currently judge this feature to be non-working. Use backups to keep your media safe from these threats, and anti-malware programs to remove the CryForMe Ransomware from your computer.

The Indentation a Few Teardrops can Make on Your Files

Tears are an appropriate and overused theme among threat actors using file-encrypting attacks, particularly in the summer of 2017. Thanks to the more than trivial prominence of both the WannaCryptor Ransomware and Hidden Tear re-releases, unprotected PC users without any backups are placing their files at significant risk of damage. The CryForMe Ransomware is only the newest data point in these rising threats and is still in the middle of its development.

Although the CryForMe Ransomware is in an unfinished state, malware researchers identify it as a variant of the Hidden Tear family, which has numerous members. The associated file data implies that the Trojan's author, the so-called 'Marco,' may be Italian. However, the CryForMe Ransomware uses English-based ransom messages that Marco copied from separate Trojan campaigns, and it may see distribution elsewhere around the world. The use of Euros in the extortion references does imply that the CryForMe Ransomware is meant to be Eurocentric.

As a Hidden Tear variant, one might expect the CryForMe Ransomware to use data-locking attacks for encrypting documents, archives, pictures, and other media on the infected computer. However, the threat actor has edited this feature enough that malware experts don't recognize it as functional.

The CryForMe Ransomware does use another feature of file-encrypting campaigns correctly: an HTML pop-up that asks for Bitcoin money to unlock your files. The window may block your desktop and include most of the elements of similar attacks, such as a wallet address for transferring the cryptocurrency and a time limit before the cost rises.

Drying out the Profits from Cyber Misdeeds

While intercepting demonstrations of Trojans in development is preferable to identifying them after they're ready for a live 'demo,' PCs lacking backups still are at risk of losing data from a finished version of the CryForMe Ransomware. The threat actor might circulate the CryForMe Ransomware through any of several tactics, including e-mail attachments or exploit kits, most of which are preventable with anti-malware protection and responsible Web-browsing behavior.

Malware analysts recommend saving your backups to a detachable device or remote server, to prevent the CryForMe Ransomware from erasing them while it encrypts the original files. Even in the case of well-analyzed Trojan projects, like Hidden Tear, the free decryption of brand-new variants is far from certain. If you update your anti-malware products and leave them active to intercept any emerging threats, you should remove the CryForMe Ransomware before it starts any data-enciphering attacks.

Since the con artists use ransoming methods that protect themselves, rather than the 'buyer,' Trojans like the CryForMe Ransomware offer bad transactions under duress. Unfortunately, spending cryptocurrency coins to unlock your files isn't always rewarded with a decryption key, and victims are better off keeping their money to themselves.
