Try2Cry: the New Ransomware that Spreads via USB Flash Drives

There are many threats that we can encounter when browsing the Internet, but one of the most dangerous is undoubtedly ransomware. In this article we report on a new variety called Try2Cry. This malware aims to make its way to other Windows systems via USB sticks. As always, its function is to encrypt files and then ask for a ransom in return. Let’s see how it works and what we can do to avoid it.

Try2Cry, the new threat in the form of ransomware

As we have indicated many times, ransomware is one of the worst threats that we can find on the network. It is designed to encrypt our files or equipment and then demand a ransom in exchange for recovering them. It is true that the security tools we can use to protect ourselves have improved, but hackers have also been able to perfect their attack techniques.

Try2Cry is a new variety of ransomware that, like many others, uses different methods to attack. This time its goal is to make its way to other Windows systems, and it does so through USB sticks or pen drives. It was discovered by G DATA when they analyzed malware on a flash drive.

It is a .NET ransomware. Once it infects a computer, it begins to encrypt a wide variety of files such as .doc, .ppt, .jpg, .xls, .pdf, .docx, .pptx, .xls or .xlsx. It then adds a .Try2Cry extension to every file it has encrypted. To encrypt these files, it uses a symmetric Rijndael key and an encrypted encryption key. According to the researchers, that encryption key is created by calculating a SHA512 hash of the password and using the first 32 bits of this hash.

But without a doubt the most important feature of Try2Cry is its ability to spread via USB flash drives. It searches for removable drives connected to the compromised computer and places a copy of itself called Update.exe in the root folder of each USB drive it finds.

Once this is done, it hides all the files on the USB drive and replaces them with Windows shortcuts. When the victim clicks one of these shortcuts, it opens the original file and also runs the ransomware payload in the background.
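A drive can be checked for the pattern described above: an Update.exe in the root folder, hidden files shadowed by shortcuts, and files ending in .Try2Cry. The following Python triage script is an added example, not code from this article or from G DATA; the function names and the sample listing are constructed, and it assumes each shortcut shares its base name with the hidden file it replaces.

```python
import os
import stat

DROPPED_NAME = "update.exe"   # copy placed in the drive root, per the article
ENCRYPTED_EXT = ".try2cry"    # extension appended to encrypted files

def list_root(drive_root):
    """Return (name, is_hidden) for every entry in a drive's root folder."""
    entries = []
    for entry in os.scandir(drive_root):
        # st_file_attributes exists only on Windows; treat as 0 elsewhere.
        attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
        entries.append((entry.name, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)))
    return entries

def triage(entries):
    """Flag the root-folder pattern described above in (name, is_hidden) pairs."""
    names = {name.lower() for name, _ in entries}
    hidden = {name.lower() for name, is_hidden in entries if is_hidden}
    findings = []
    if DROPPED_NAME in names:
        findings.append(("dropped-copy", "Update.exe"))
    for name, _ in entries:
        low = name.lower()
        if low.endswith(ENCRYPTED_EXT):
            findings.append(("encrypted-extension", name))
        elif low.endswith(".lnk"):
            stem = low[:-4]
            # Assumption: the shortcut reuses the hidden file's name, either
            # in full ("a.docx.lnk") or without its extension ("a.lnk").
            if any(h == stem or os.path.splitext(h)[0] == stem for h in hidden):
                findings.append(("shortcut-masks-hidden-file", name))
    return findings

# Constructed root listing of an affected drive (not taken from a real sample).
SAMPLE = [
    ("Update.exe", False),
    ("budget.xlsx", True), ("budget.lnk", False),
    ("holiday.jpg", True), ("holiday.jpg.lnk", False),
    ("tool.lnk", False),               # ordinary shortcut, no hidden twin
    ("thesis.docx.Try2Cry", False),
]

if __name__ == "__main__":
    for kind, name in triage(SAMPLE):
        print(f"{kind}: {name}")
```

On Windows, pass the output of `list_root` for the drive's root folder to `triage`; inspect the listing without opening any shortcut on the drive.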

The good news is that this ransomware, as security researchers indicate, is decipherable.

How to avoid becoming victims of Try2Cry

It is important to prevent malware from entering our devices. We are not just talking about this specific variety, but any other. For this, the most important thing is always common sense. We must avoid opening files that may be malicious, whether we receive them by e-mail or, as in this case, on a pen drive. We already saw tools to combat ransomware in another article.

It is also advisable to always have security tools installed. A good antivirus can prevent the entry of threats that may compromise our system. This is something that we must apply to all types of devices.

On the other hand, having the latest security patches is essential. On many occasions, vulnerabilities arise that are exploited by hackers to deploy their attacks. We need to correct those flaws.