A new ransomware exploit has just been discovered, which is being called “Cry,” for the .cry extension it assigns files on your computer, or “CSTO,” which is an acronym for a fictional agency called the Central Security Treatment Organization referenced in a message pop-up that the ransomware victim receives. This new-fangled ransomware, which was discovered by MalwareHunter Team, can, according to a report by Kim Komando, “use websites such as Imgur.com to host data it has collected from its victims and that it’s even able to somehow connect to Google Maps and identify the victim’s exact location.”
Reports on the Cry Ransomware outbreak also appeared in Security Week and Open Source Intelligence (OSINT) that confirm the ransomware exploit’s existence and M.O. Security Week’s Ionut Arghire goes into the gory details of how this ransomware program can actually take data from a victim’s computer and deliver this data “via UDP to 4,096 different IP addresses” – one of which is the C&C (Command and Control) server. Reminders of the Cerber ransomware exploit are found in the Cry exploit, in that it sends the information it steals to the C&C server via UDP, which was also the case with Cerber.
The Cry/CSTO ransomware is a particularly fastidious and busy one, in that it even resorts to compiling details of its data-grabbing and adding them (via Imgur.com) to a fake PNG image file, assigning it a specified photo album. Imgur then responds with a unique file name, and then Cry/CSTO broadcasts that file name by way of UDP to also inform the C&C server. The Cry ransomware program can then exploit or use Google Maps API as well as the SSDI’s of proximal wireless networks to determine the ransomware victim’s physical location. It appears that it hasn’t been enough for malicious hackers to encrypt entire file databases and lock down computers in lieu of payment for the de-encryption of files, but now they’ve stepped up their menace by being able to say, via their hustling of Google Maps, “We know where you live.”
The debate about ransomware, and particularly on whether to “pay it or fight it” goes on. Cybersecurity and IT wizards will generally advise not paying ransomware hacktivists, as this only fuels them onward in their exploits. Instead, the best course of action is to get your data network properly secured through leading-edge, managed IT services that will keep your enterprise running in tip-top shape, able to leap ransomware threats in a single bound like mere cracks in the sidewalk.
Call on the IT Pros
If you have questions or concerns about ransomware threats and attacks, Where To Start is the leader in providing managed IT services in San Francisco. Contact our expert IT staff at (844) RASM or send us an email at - firstname.lastname@example.org if you have any questions or concerns regarding cybersecurity, and we will be happy to answer any and all your questions.