Try2Cry Ransomware Targets Windows Systems As It Spreads Via USB Flash Drives


Heads up, Windows users! Be careful when connecting random USB flash drives to your Windows PCs, as the new Try2Cry ransomware is around. The ransomware has wormable capabilities that let it spread laterally via flash drives or Windows shortcut (LNK) files.

Try2Cry Ransomware Targeting Windows

Researchers have caught a new Windows ransomware active in the wild. Dubbed Try2Cry, the ransomware exhibits the wormable capability to infect other systems.

Sharing the analysis in a post, researcher Karsten Hahn revealed that the malware is a variant of the Stupid ransomware. It reaches target devices via infected USB flash drives or via Windows shortcut (.lnk) files.

Researchers identified numerous samples of this ransomware, some with wormable capabilities and some without. All of them append the .Try2Cry extension to file names after encryption.

For encryption, the malware uses the Rijndael algorithm with a hardcoded encryption key. It targets files with various extensions, including .doc, .xls, .ppt, .jpg, .xlsx, .docx, .pptx, .xls, and .pdf.

The ransomware also exempts machines named DESKTOP-PQ6NSM4 or IK-PC2 from infection.

Wormable Capabilities of Try2Cry

For wormability, the malware employs techniques similar to those of the Spora, Dinihou or Gamarue malware. It scans for removable drives and places a copy of itself as ‘Update.exe’ in the root folder of the device. It then hides all original files and replaces them with Windows shortcut (LNK) files bearing the same icons.

Besides the hidden files, the malware also places visible files with folder icons and Arabic names on the device. This looks like an attempt to lure the user into clicking them.
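The drive layout described above can be checked before anything on the stick is opened. The following is an added example, not code from the article or from the researcher's analysis. It assumes the replacement shortcuts reuse the original file name (`<name>.lnk` or `<stem>.lnk`), which the article does not state, and its function names and sample listings are constructed for illustration.

```python
import os

FILE_ATTRIBUTE_HIDDEN = 0x2   # Windows "hidden" file attribute bit
DROPPER_NAME = "update.exe"   # 'Update.exe' from the article, compared case-insensitively

def list_root(root):
    """Return [(name, is_hidden)] for a drive root; the hidden bit is only set on Windows."""
    out = []
    for entry in os.scandir(root):
        attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
        out.append((entry.name, bool(attrs & FILE_ATTRIBUTE_HIDDEN)))
    return out

def has_arabic(name):
    """True if the name contains a character from the Unicode Arabic block."""
    return any("\u0600" <= ch <= "\u06ff" for ch in name)

def assess_listing(entries):
    """Score a root-directory listing against the layout described in the article."""
    visible = {name.lower() for name, hidden in entries if not hidden}
    shadowed = []
    for name, hidden in entries:
        low = name.lower()
        if not hidden or low.endswith(".lnk"):
            continue
        # Assumption: the replacement shortcut is "<name>.lnk" or "<stem>.lnk".
        if {low + ".lnk", os.path.splitext(low)[0] + ".lnk"} & visible:
            shadowed.append(name)
    report = {
        "dropper": DROPPER_NAME in {name.lower() for name, _ in entries},
        "shadowed_originals": sorted(shadowed),
        "arabic_named": sorted(n for n, hidden in entries if not hidden and has_arabic(n)),
    }
    # An Update.exe alone is common and benign; require the hidden-file/shortcut pairing too.
    report["suspicious"] = report["dropper"] and bool(report["shadowed_originals"])
    return report

# Constructed sample listings (not taken from a real drive).
INFECTED = [("Update.exe", False), ("report.docx", True), ("report.docx.lnk", False),
            ("budget.xlsx", True), ("budget.lnk", False), ("\u0645\u0644\u0641\u0627\u062a", False)]
CLEAN = [("Update.exe", False), ("notes.txt", False), ("photo.jpg", False)]

if __name__ == "__main__":
    import sys
    listing = list_root(sys.argv[1]) if len(sys.argv) > 1 else INFECTED
    print(assess_listing(listing))
```

Run on Windows with the drive root as the argument (for example `E:\`); without an argument it prints the report for the constructed infected listing.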

On the positive side, files encrypted by this ransomware are decryptable. The researchers believe that the threat actors may have simply copied and pasted existing code to create this variant.

Nonetheless, users must stay very careful when attaching flash drives from external sources to their systems.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
