Ransomware remains a very grave threat to financial service providers and consumers. Criminals are targeting anyone and everyone with their attacks as of late. Cry, a new form of ransomware recently spotted by security researchers, could have a significant impact. The malware disguises itself as a message from the Central Security Treatment Organization.
Although this government agency does not exist, the name sounds official enough to trick unsuspecting users. Cry ransomware, which spreads itself through this agency, used UDP to communicate. Moreover, it also relies on Imgur and Google Maps to carry out infections. It is a very complicated form of crypto malware; that much is certain.
Cry Is A Tricky Form of Ransomware
For the time being, Cry is still being analyzed by security experts. A lot of details regarding its inner workings remain a mystery, for now. No one knows exactly how it is being distributed, and if decryption without paying is an option. So far, Cry has been infected nearly 10,000 victims already, making it a very potent threat.
To make matters even worse, Cry ransomware is still being fine tuned by the developers. Multiple versions of this malware are known to security researchers right now. To decrypt the files, there is currently a 1.1 Bitcoin ransom fee attached. This translates to roughly US$625 to restore file access.
Saying this form of ransomware can inflict a lot of damage would be an understatement. Since the tool leverages Imgur and Google Maps, it is nearly impossible for authorities to track down its central command and control server. Without that information, it will be difficult to bring Cry to a halt.
The fact this malware presents itself as a message from a government agency is rather worrisome. Moreover, the developers used credible logos from the CIA and FBI to legitimize their claims. A similar ransomware was spotted in Europe a few years ago, called FedPol. It took security researchers quite some time to thwart that threat as well.
Header image courtesy of Shutterstock