Cry Ransomware
Posted: September 1, 2016
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 77 |
| First Seen: | September 1, 2016 |
| OS(es) Affected: | Windows |
The Cry Ransomware is a Trojan that uses encryption technology to attack and block your work or files. Although the Cry Ransomware attempts to force a ransom payment from the victim in return for helping to decrypt the affected content, malware experts don't recommend paying these fees, which are not necessarily reliable ways of recovering your data. Preventing the Cry Ransomware infections or removing them with anti-malware protection is, as always, the most convenient method of dealing with Trojans of this type.
Getting in Trouble with a Fake Arm of the Law
There often is more unpredictability in the tactics associated with file encrypting Trojans than there is in the internal code of these threats. For instance, the concept of threat campaigns disguising their extortion attempts as legal actions from a government agency is a theme that has seen de-emphasis during the shift from screen-locking Trojans to threats that encrypt your data. The Cry Ransomware hearkens back to the yesteryear of old Trojan tactics by including modern attacks along with an old style of ransom payment message.
Besides technical details of interest to the PC security sector, such as its use of UDP instead of TCP-based network protocols, the Cry Ransomware leverages standard encryption attacks to encode the data of your private files, with work documents and audio-video media being two of the most favored targets. It adds the '.cry' extension to these files and also creates an HTML pop-up with a semi-random title. Following the Cry Ransomware's instructions directs the user to a ransom payment site that includes some choices more common to old, screen locker-based threats: a United States government seal, threats of impending lawsuits upon any failure to pay the Bitcoin fee, and references to the non-existent Central Security Treatment Organization.
Other than pretending to be a legal authority, the Cry Ransomware uses other characteristics seen in similar attempts to extract ransoms via file encrypting attacks, including using a timer that forces the victim to act quickly. The changes in the payment Web page convey no extra legal protections, and malware experts habitually find con artists ignoring any requests for help after getting their Bitcoins.
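For scoping the damage from the file-renaming behaviour described above, the following added example (not code from the original page or from any vendor tool) finds any extension that has been appended to many files of different document and media types, so it generalizes beyond this one Trojan's marker, and maps each hit to the original file name to restore from backup. The list of target types, the thresholds, the function names and the sample listing, including its `.cry` marker, are assumptions made for the example.

```python
import os
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Document and audio-video types; the concrete list is an assumption.
TARGET_TYPES = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt",
                ".jpg", ".png", ".mp3", ".wav", ".mp4", ".avi"}

def appended_extensions(paths, min_files=3, min_types=2):
    """Return {outer_ext: Counter(inner_ext)} for every extension appended
    after a target type on >= min_files files of >= min_types types."""
    seen = defaultdict(Counter)
    for p in paths:
        suffixes = [s.lower() for s in PureWindowsPath(p).suffixes]
        if len(suffixes) >= 2 and suffixes[-2] in TARGET_TYPES:
            seen[suffixes[-1]][suffixes[-2]] += 1
    return {ext: inner for ext, inner in seen.items()
            if sum(inner.values()) >= min_files and len(inner) >= min_types}

def restore_list(paths, marker):
    """Map each affected path to the original file name to pull from backup."""
    marker, out = marker.lower(), {}
    for p in paths:
        original = p[:-len(marker)]
        if (p.lower().endswith(marker)
                and PureWindowsPath(original).suffix.lower() in TARGET_TYPES):
            out[p] = original
    return out

def list_files(root):
    """Flat list of file paths under root, e.g. a read-only mounted image."""
    return [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.cry",
    r"C:\Users\alice\Documents\report.docx.cry",
    r"C:\Users\alice\Music\demo.mp3.cry",
    r"C:\Users\alice\Videos\trip.mp4.cry",
    r"C:\Users\alice\Documents\notes.txt.bak",   # benign one-off backup copy
    r"C:\Users\alice\Documents\todo.txt",        # untouched file
    r"C:\Users\alice\Downloads\src.tar.gz",      # benign double extension
]

if __name__ == "__main__":
    for ext, inner in appended_extensions(SAMPLE).items():
        print(ext, dict(inner), len(restore_list(SAMPLE, ext)), "files to restore")
```

Run `list_files()` against a read-only copy or mounted image of the affected volume rather than the live system, so the triage itself does not alter file timestamps.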
Don't Cry over Spilled Ransomware
The Cry Ransomware is an excellent example of one of the covers con artists use in their efforts to collect money from PC owners during a Trojan campaign. Besides the degree of detail in its social engineering con, malware experts found another aspect of the Cry Ransomware's attacks worthy of note: its collection of core system information, which it transmits to a C&C server. Although the function shows no symptoms to alert the PC's operator, threat actors who aren't content with encrypting your data could use that information for other attacks.
The Cry Ransomware's campaign dates to early September 2016, with little evidence available for examining its infection strategies. A con artist could install this threat by hacking a server's account, bundling it with another program or disguising its Trojan dropper to look like an e-mailed document. Your anti-malware products should detect and block all of these exploits or remove the Cry Ransomware before its attacks can conclude.
A healthy respect for the law can go a long way, but assuming that any Website showing a legal graphic is legitimate can be an expensive mistake for any PC owner.