By Susan Richardson, Manager/Content Strategy, Code42
Ah, those ingenious cyber criminals. They keep coming up with ever more frightening ransomware threats. JIGSAW warns victims it will delete files every hour until they pay $150 USD in bitcoins. Chimera threatens to publish the victim’s files online for all to see. Cerber ups the ante by enlisting a creepy robotic voice to tell victims their files have been encrypted. And now the latest ransomware hopes to intimidate victims by showing their location on Google Maps. In other words, “We know where you are.”
But wait, there’s more
Dubbed CryLocker, the new ransomware is getting publicity for another unusual trait as well. Instead of sending affected files to remote command and control (C&C) servers for the attackers to access, it encodes the victim’s files into a bogus PNG image file and uploads it to a free online image hosting site, either Imgur or Pastee. Security researcher MalwareHunterTeam, which detected the new strain in August, said it found PNG images for more than 10,000 victims inside CryLocker’s Imgur album.
Although the official name of the ransomware is CryLocker, it’s also referred to as the Central Security Treatment Organization ransomware based on the bogus organization name displayed on its payment site—or Cry ransomware because it appends the .cry extension to encrypted files.
Never pay the ransom
The good news is that if CryLocker victims have modern endpoint data protection, ransomware recovery is no big deal. Because endpoint security solutions such as Code42 CrashPlan can restore files from a point in time just before the attack, users never have to pay up—no matter how creative or intimidating ransomware threats get.