The Peculiar Ransomware Piggybacking Off of China’s Big Hack

When Microsoft revealed earlier this month that Chinese spies had gone on a historic hacking spree, observers reasonably feared that other criminals would soon ride that group’s coattails. In fact, it didn’t take long: A new strain of ransomware called DearCry attacked Exchange servers using the same vulnerabilities as early as March 9. While DearCry was first on the scene, on closer inspection it has turned out to be a bit of an odd cybercrime duck.


It’s not that DearCry is uniquely sophisticated. In fact, compared to the slick operations that permeate the world of ransomware today, it’s practically crude. It’s bare-bones, for one, eschewing a command-and-control server and automated countdown timers in favor of direct human interaction. It lacks basic obfuscation techniques that would make it harder for network defenders to spot and preemptively block. It also encrypts certain file types that make it harder for a victim to operate their computer at all, even to pay the ransom.


“Normally a ransomware attacker would not encrypt executables or DLL files, because it further hinders the victim from using the computer, beyond not being able to access the data,” says Mark Loman, director of engineering for next-gen technologies at security company Sophos. “The attacker might want to allow the victim to use the computer to transfer the bitcoins.”

One other wrinkle: DearCry shares certain attributes with WannaCry, the notorious ransomware worm that spread out of control in ..