New Cry Ransomware Strain has Unusual Advanced Features

A new ransomware that pretends to be from a fake organization called the Central Security Treatment Organization has been discovered.

When the Central Security Treatment Organization, or Cry, Ransomware infects a computer it will encrypt a victim’s files and then append the .cry extension to encrypted files. It will then demand approximately 1.1 bitcoins, or $625 USD, in order to get the decryption key.

Heads Up: Massive Attack Wave Coming Soon

This strain is clearly created by experienced coders who know what they are doing. Just check out the list of advanced features this version 1.0 came out with. Looking at the resources spent to create this strain, you can expect a massive wave of attacks to follow soon. These bad guys have the resources and then some:

  • Uses UDP to communicate with the Command & Control Server to evade detection
  • Uses social networks to upload and host information about the victims using fake PNG files
  • Queries Google Maps API to identify victim location using nearby wireless SSIDs (!)
  • Deletes the system Shadow Volume Copies
  • Stays persistent after reboots
  • Uses TOR payment site that requires the victim’s personal ID from ransomnote
  • Has functioning support page to communicate with the criminals
  • Includes a free (drag & drop, imagine that) decryption of one file to prove the files can be decrypted

Leave a Reply

Your email address will not be published. Required fields are marked *