Cry Ransomware Virus Attacks Users

A new crypto virus has recently been unleashed in the wild. It is called Cry ransomware, and an infection endangers the regular usage of the files stored on the victim’s computer. This is due to its specific technique of scanning for different file types and encrypting them with a strong cipher algorithm. Other names for Cry ransomware are CryLocker and CSTO. As a result of the encryption, victims see the .cry extension appended to the encrypted files and a changed desktop wallpaper. If you are a victim of this nasty threat, keep reading this article and try to remove Cry ransomware. Some recovery methods may restore some of the .cry encrypted files. If you are not a victim of this crypto virus, we recommend that you learn its specifics and prevent an infection.

Read on to learn more about the Cry ransomware infection.

Let’s Meet the Features of Cry Ransomware

What is special about this crypto virus is that it scans for several file extensions, which are:

.bat, .txt, .log, .mp3, .jpg, .wmv, .bmp, .html, .css, .js, .xml, .dat

Because of the functions of the file types that Cry ransomware encrypts, the infection may cause hosted servers and databases to crash.

Once Cry ransomware is executed on the computer, it scans all drives, including attached external drives. At the end of the scanning process, all files that have one of the extensions mentioned above are encoded with a strong encryption algorithm. The process ends with the .cry extension being appended to the encrypted files, which become inaccessible.

The threat is reported to encrypt files stored at the following locations:

  • %Homedrive%
  • %UserProfile%
  • %Public%

All files stored on the desktop that have one of the extensions in Cry’s target list may be moved into a folder named “old_shortcuts”, which the ransomware also creates on the desktop.

After the encryption, Cry ransomware may create additional files that inform the victim of what has just happened and give instructions on how to pay the ransom in order to get the decryption key for the .cry files. The created files may be .txt and .html, with names that look like “!Recovery_[Unique 6 characters long user ID]”. These files may also be located on the desktop, and they contain the text of the ransom note. The ransom note may also be set as the wallpaper of the infected computer. Cyber criminals demand a ransom of 0.5 to 1 Bitcoin ($286 / $572) for a decryption tool.
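The on-disk traces described above (the .cry suffix, the “!Recovery_” note files and the “old_shortcuts” desktop folder) can be checked for on a suspect profile or a mounted disk image. The following Python script is an added example, not part of the original article: the function names and the sample tree are constructed, and it assumes the 6-character ID may be any six characters.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the article text above.
ENCRYPTED_SUFFIX = ".cry"
MOVED_FOLDER = "old_shortcuts"
# Assumption: the "6 characters long user ID" may be any six characters.
NOTE_RE = re.compile(r"^!Recovery_(.{6})\.(?:txt|html)$", re.IGNORECASE)


def scan_for_cry_indicators(root):
    """Walk root and group paths by the Cry indicator they match."""
    hits = {"encrypted": [], "ransom_notes": [], "moved_folder": []}
    for path in Path(root).rglob("*"):
        name = path.name
        if path.is_dir():
            # The article places this folder on the desktop.
            if name.lower() == MOVED_FOLDER and path.parent.name.lower() == "desktop":
                hits["moved_folder"].append(path)
        elif name.lower().endswith(ENCRYPTED_SUFFIX):
            hits["encrypted"].append(path)
        elif NOTE_RE.match(name):
            hits["ransom_notes"].append(path)
    return hits


def user_ids(hits):
    """Return the distinct 6-character IDs embedded in ransom note names."""
    return sorted({NOTE_RE.match(p.name).group(1) for p in hits["ransom_notes"]})


def build_sample_tree(root):
    """Constructed sample profile; the file names and the ID are made up."""
    desktop = Path(root) / "Users" / "alice" / "Desktop"
    (desktop / MOVED_FOLDER).mkdir(parents=True)
    for rel in ["notes.txt.cry", "old_shortcuts/run.bat.cry",
                "!Recovery_A1b2C3.txt", "!Recovery_A1b2C3.html",
                "report.docx", "!Recovery_toolong1.txt"]:
        (desktop / rel).write_text("constructed sample")
    return desktop


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = scan_for_cry_indicators(tmp)
        for kind, paths in found.items():
            print(f"{kind}: {len(paths)}")
        print("victim IDs:", user_ids(found))
```

A match on the note pattern alone is a weaker signal than notes found together with .cry files, so the three groups are reported separately.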

What else stands out about this ransomware is that it leaves text documents, presentations, and spreadsheet files undamaged. Given this, as well as the limited number of file types Cry ransomware encrypts, the assumption that the threat is still a work in progress is probably not far from the truth. Cry ransomware may have modified features in future infections. Currently it seems that Cry ransomware is not as severe a crypto infection as Zepto and Cerber3 ransomware. However, it remains a dangerous threat that is kidnapping users’ PCs.

How Is Cry Ransomware Spreading?

The probability that cyber criminals spread Cry ransomware through malicious spam emails is very high. So received emails that come from unknown sources, have attachments, and contain suspicious links should not even be opened. Sometimes the crooks may embed the Cry ransomware in the text of the email, so that the malicious payload can be automatically downloaded and executed on the system. Keep in mind that the email may be sent in the name of a friend, a bank or financial service, or a well-known software provider. In any case, look carefully and think twice before opening an email.

Remove Cry Ransomware Then Try to Restore .Cry Files

The crypto virus Cry ransomware should not be taken lightly, since it can encrypt sensitive data and disrupt the normal performance of the system. However, victims of this threat should avoid paying the ransom to the cyber criminals. No one can be sure that they will be honest and provide a working decryption key. On the other hand, they may use the money to improve the features of Cry ransomware and eventually cause harm to more people around the web. We recommend that victims of the ransomware keep the .cry files; hopefully security engineers will successfully decode Cry ransomware and release a free working decrypter soon.

All victims of Cry ransomware should remove the threat from their computers immediately. This provides a chance for further actions to recover .cry files. There are alternative working solutions such as Shadow Explorer, Recuva, and some reliable file recovery software.

To remove the Cry ransomware, we suggest that you follow the step-by-step manual malware removal.

If you are a victim of Cry ransomware and face any difficulties when completing the removal and repairing the damage it has caused to your system, do not hesitate to leave us a comment. We will do as much as we can, as soon as possible, to help you.

Otherwise, do not forget to ensure good protection for your system. Having an up-to-date anti-malware program is one of the most efficient steps against malware. Another approach to computer security is to install all patches released by the original vendors of the installed software.

Update!
According to the latest information provided by the researchers from Bleeping Computer, Cry ransomware is named after the fictional organization Central Security Treatment Organization (CSTO). This troublesome threat is also known as CryLocker. Apparently our guess that the threat was still in progress turned out to be true. Cry ransomware has now been updated and encrypts approximately 650 file types. The Microsoft Office filename extensions .xlsm, .xltx, .xltm, .xla, .xlam, .xll, .xlw, .xlsb, .pot, .potm, .potx, .ppsx, .ppt, .pptm, .pptx are now included in the target list. Furthermore, Cry ransomware, also dubbed CSTO, uses Google Maps to find the location of the victim.

Author : Gergana Ivanova

Gergana Ivanova is a computer security enthusiast who enjoys presenting the latest issues related to cyber security.


Comments

  • I have this ransomware now on my PC. I removed the virus already, but I don’t know how to save my file, .cry. Can you help me?

    • Hi Rafael,

      Unfortunately, there isn’t a decryptor available yet. What we can recommend is to back up the encrypted data and keep it until a working decryptor is released. Meanwhile, one recovery option is to check if there are any shadow volume copies of the original files left in Windows. Shadow Explorer is free software that will help you to complete this and eventually restore any data. Another recovery approach is to use the Kaspersky Decryptors: http://support.kaspersky.com/viruses/utility. You can also search for professional data recovery software and try to recover the encrypted data.

      Write back for further help.
