Trust Guard Blog


New Ransomware Could Post Your Personal Data Online

September 12, 2016 By James Wales

A new strain of ransomware called “Cry” encrypts data with its .cry extension. It harvests your location data from Google Maps and pastes it as an image onto imgur.com.

A lot of ransomware variants simply send the victim’s information directly to the attacker’s Command and Control (C&C) servers. Cry, however, uses Portable Network Graphics (PNG) image files to document the victim’s information. This can include the location and the list of encrypted files. Then it uploads the picture directly to an album on public image sharing sites like Imgur.

Security researchers say that one of the reasons hackers are using these tactics is to hide their location and identities. It is another step in their smoke-and-mirrors strategy in case they have to change their C&C IP addresses. A PNG file containing the victim’s information is uploaded to an Imgur account each time a new victim is infected. This image gets a unique file name and is broadcast to the 4096 IP addresses it uses (hidden among these IPs is the real C&C server). This way a record of the victim will always be accessible.

If the Imgur upload fails, Cry will attempt to post the information to pastee.org instead. Ultimately, if both the Imgur and pastee.org uploads fail, the information is just relayed directly to the same 4096 IP addresses using UDP port 4444. Researchers say that the attackers chose the UDP protocol to further hide the C&C server’s real address. Other user information said to be gathered by Cry includes the Wi-Fi Access Point used by the target machine, the keyboard layout and the system’s language.
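The UDP fallback described above has a recognizable network shape: one internal host sending to port 4444 on thousands of distinct addresses in a short burst. The following detection sketch is an added example, not code from the article or the researchers it cites; the flow-record CSV layout, the alert threshold, the time window and the sample addresses are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

CRY_UDP_PORT = 4444      # port named in the article
FANOUT_THRESHOLD = 256   # assumed alert threshold, far below the 4096 addresses reported
WINDOW_SECONDS = 60      # assumed burst window

def find_udp_fanout(flow_csv, port=CRY_UDP_PORT, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src: peak distinct destinations in any window} for sources at or over threshold."""
    per_src = defaultdict(list)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp" or int(row["dport"]) != port:
            continue
        per_src[row["src"]].append((float(row["ts"]), row["dst"]))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        counts = defaultdict(int)  # dst -> flows currently inside the sliding window
        start = best = 0
        for ts, dst in events:
            counts[dst] += 1
            while events[start][0] < ts - window:  # expire flows older than the window
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= threshold:
            alerts[src] = best
    return alerts

def build_sample_flows():
    """Constructed sample: one host sprays 4096 addresses, another sends a single flow."""
    lines = ["ts,src,dst,proto,dport"]
    base = ipaddress.ip_address("198.18.0.0")  # benchmarking range, used as filler
    for i in range(4096):
        lines.append(f"{1000 + i * 0.005:.3f},10.0.0.23,{base + i},udp,4444")
    lines.append("1001.000,10.0.0.42,198.18.0.9,udp,4444")  # lone flow, not a burst
    lines.append("1002.000,10.0.0.42,198.18.0.9,tcp,443")   # wrong protocol and port
    return "\n".join(lines)

if __name__ == "__main__":
    print(find_udp_fanout(build_sample_flows()))
```

Counting distinct destinations per source, rather than total packets, keeps a single chatty UDP/4444 application from triggering the alert.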

Not all languages are affected.

Interestingly, Cry does not activate if it detects the following languages: Russian, Kazakh, Belarusian, Sakha, Ukrainian and Uzbek. This strongly suggests that Cry originates from Russia or another country from the Commonwealth of Independent States. We know that some of the biggest hackers come from Russia because we’ve caught some of them.

To protect your website against ransomware, we recommend software security products like those offered by Trust Guard, the leader in website security and verification. If your website has an instance of Google Maps, hackers won’t be able to access it. Trust Guard can monitor your site for ransomware and 75,000 vulnerabilities used by hackers to access your website.

Special thanks to Komando.com for much of the information found in this article.
