A new ransomware called Try2Cry was recently discovered by a computer security researcher. It stands out for spreading to other PCs by infecting USB flash drives and using Windows shortcuts (LNK files).
A new ransomware called Try2Cry was recently discovered by computer security researcher Karsten Hahn, an analyst at the antivirus publisher G Data Software. According to his findings, this ransomware attempts to spread to other PCs by infecting USB flash drives connected to the device it has compromised.
After infecting a device, Try2Cry encrypts .doc, .jpg, .xls, .pdf, .docx, .pptx and .xlsx files and then appends a .Try2cry extension to every encrypted file. The data is encrypted using Rijndael, the symmetric encryption algorithm on which the AES standard is based. But as mentioned above, the most notable feature of this ransomware is its ability to propagate via USB flash drives.
Tricking users into infecting themselves
Once installed on a PC, the ransomware first searches for all removable drives connected to the compromised computer and writes a copy of itself, named Update.exe, to the root folder of each USB flash drive it finds. It then hides all the files on the removable drive and replaces them with Windows shortcuts (LNK files) that use the same icons.
Clicking any of these shortcuts opens the original file and also launches the Update.exe Try2Cry payload in the background. In addition, Try2Cry creates visible copies of itself that use the default Windows folder icon. Their names are deliberately written in Arabic to entice the victim to click and launch the infection.
Nevertheless, Try2Cry's Windows shortcuts have arrows on the side of their icons, which makes an infected USB drive much easier to spot. Finally, the security researcher points out that files encrypted by this ransomware are easily decryptable by anyone with basic programming skills.
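As an added example (not code from the article or from G Data), the Python below triages a removable drive's root listing for the layout described above: a root-level Update.exe plus shortcuts that shadow hidden files. The shortcut naming patterns, the helper names `list_root`, `lnk_mentions_payload` and `triage`, and the sample listing are assumptions made for illustration.

```python
import os
from pathlib import Path

FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit exposed in st_file_attributes
PAYLOAD = "update.exe"       # payload name from the article, compared case-insensitively


def list_root(root):
    """Return (name, hidden) for each entry in a drive root (hidden is only visible on Windows)."""
    out = []
    for p in Path(root).iterdir():
        attrs = getattr(p.stat(), "st_file_attributes", 0)
        out.append((p.name, bool(attrs & FILE_ATTRIBUTE_HIDDEN)))
    return out


def lnk_mentions_payload(data):
    """Heuristic: LNK strings are stored as ANSI or UTF-16LE, so search the raw bytes for both."""
    low = data.lower()
    return PAYLOAD.encode("ascii") in low or PAYLOAD.encode("utf-16-le") in low


def triage(entries):
    """Flag a root that holds Update.exe plus shortcuts shadowing hidden files of the same name."""
    names = {name.lower() for name, _ in entries}
    hidden = {name.lower() for name, is_hidden in entries if is_hidden}
    shadowed = set()
    for h in hidden:
        # Assumption: a decoy shortcut is named "<file>.lnk" or "<file stem>.lnk".
        for candidate in (h + ".lnk", os.path.splitext(h)[0] + ".lnk"):
            if candidate in names:
                shadowed.add(candidate)
    payload = PAYLOAD in names
    return {"payload": payload,
            "shadowing_shortcuts": sorted(shadowed),
            "suspicious": payload and bool(shadowed)}


# Constructed sample listing (not taken from a real infected drive).
SAMPLE = [("Update.exe", False), ("report.docx", True), ("report.docx.lnk", False),
          ("photo.jpg", True), ("photo.lnk", False), ("notes.txt", False)]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On Windows, `triage(list_root("E:\\"))` applies the same check to a mounted drive; the drive letter here is a placeholder.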