Cry Ransomware Hits the Market
Posted by: Timothy Weaver on 09/07/2016 10:27 AM
A new ransomware dubbed "Cry" or "CSTO" uses Google Maps to locate the victim. It demands a ransom of 1.1 Bitcoin (around $625).
The Cry ransomware appends the .cry extension to the encrypted files and sends the information to its command and control (C&C) server via UDP, a feature previously observed in Cerber.
Cry collects information such as Windows version, installed service pack, Windows bit-type, username, computer name, and CPU type. Cry also uses public sites such as Imgur.com and Pastee.org to host information about victims.
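The behaviours described above (mass renames to the .cry extension, a UDP beacon to the C&C server, and uploads to public sites such as Imgur.com and Pastee.org) can be turned into a simple host-level detection. The following is an added example, not code from the article or from the malware; the event format, host names, IP address and port are constructed for illustration.

```python
import re
from collections import defaultdict

# Indicators drawn from the post: ".cry" renames and posts to public drop sites.
CRY_EXT = ".cry"
PUBLIC_DROPS = {"imgur.com", "pastee.org"}

# Constructed sample telemetry as (host, event_type, detail) tuples.
# 203.0.113.7 is a documentation address; the port is a placeholder.
SAMPLE_EVENTS = [
    ("ws01", "file_rename", r"C:\Users\a\docs\q3.xlsx -> C:\Users\a\docs\q3.xlsx.cry"),
    ("ws01", "file_rename", r"C:\Users\a\docs\plan.docx -> C:\Users\a\docs\plan.docx.cry"),
    ("ws01", "file_rename", r"C:\Users\a\docs\notes.txt -> C:\Users\a\docs\notes.txt.cry"),
    ("ws01", "net_udp", "203.0.113.7:4444"),
    ("ws01", "net_http", "https://imgur.com/upload"),
    ("ws02", "file_rename", r"C:\tmp\a.log -> C:\tmp\a.log.bak"),   # benign rename
    ("ws02", "net_http", "https://imgur.com/gallery"),              # normal browsing
]

def score_host_events(events, rename_threshold=3):
    """Return {host: set of indicator names} for every host seen in events."""
    renames = defaultdict(int)
    indicators = defaultdict(set)
    for host, kind, detail in events:
        if kind == "file_rename" and detail.lower().endswith(CRY_EXT):
            renames[host] += 1
        elif kind == "net_udp":
            indicators[host].add("udp_beacon")
        elif kind == "net_http":
            m = re.match(r"https?://([^/]+)", detail)
            if m and m.group(1).lower() in PUBLIC_DROPS:
                indicators[host].add("public_drop_site")
    # A single .cry rename is not meaningful; require a burst of them.
    for host, n in renames.items():
        if n >= rename_threshold:
            indicators[host].add("mass_cry_rename")
    return dict(indicators)

def suspicious_hosts(events):
    """Hosts showing mass .cry renames plus at least one network indicator.

    Requiring the rename burst keeps ordinary Imgur browsing (ws02) from alerting.
    """
    return sorted(h for h, s in score_host_events(events).items()
                  if "mass_cry_rename" in s and len(s) > 1)
```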
It is unknown why the hackers are using Google Maps to locate the vicinity of the victim, but it is postulated that this is meant to further scare the victim into paying the ransom.
The ransom note includes the victim's unique ID and instructions on how to log into the Tor network. After logging into the payment site, further instructions are provided on how much to pay and where to obtain bitcoins.
The hackers have a support page that further allows communication with the malware developers and will even decrypt a file as proof that the victim's files can be decrypted. However, a test by BleepingComputer failed to have their file decrypted. Victims are advised not to pay the ransom unless there is proof that the files can be decrypted.
Source: Security Week