Cring Ransomware

The Cring Ransomware is a file-locking Trojan that uses encryption to prevent users from opening documents and other media. This Trojan has no known relatives and delivers a unique ransom note demanding a two-Bitcoin ransom for a file-unlocking service. Adequate backup protocols will nullify most of the data-loss danger from its payload, while all users can depend on their anti-malware solutions for removing the Cring Ransomware.

Cringing at the Signs of Another, New Trojan

With attacks going back to December of 2020, the Cring Ransomware is an active part of the threat landscape. Like similar file-locking Trojans, the program runs on Windows operating systems and blocks ransom-suitable files with its encryption routine. Since malware analysts estimate that the Trojan's encryption is secure against third-party decryption, a victim's best hope is a backup already safe on some other device.

Features that malware experts anticipate in the Cring Ransomware's current build include disabling security features by terminating their services, making harmful modifications to the Windows Registry, and, of course, encrypting files. It marks each file that it encrypts and locks with a 'cring' extension (note: removing the extension doesn't reverse the encryption). It is also likely to include other, as yet unconfirmed features, such as removing Restore Points.

The Cring Ransomware drops a Notepad TXT file for its ransom note. The English instructions are entirely new to this campaign and not a copy-paste from any of the countless previous threats similar to it. It prices its unlocking help at a tentative two Bitcoins (sixty-five thousand USD), which suggests that it targets enterprise-level networks, as the note's wording also implies. However, even a single home PC is at risk from the Cring Ransomware's encryption and file-blocking potential.

Striking Back at Trojans before They Start

There is circumstantial evidence that some Cring Ransomware infections employ Cobalt Strike. This program is a threat simulation tool that threat actors occasionally abuse by weaponizing it as a backdoor Trojan. Malware experts also confirm cases of at least two victims in the wild since the last month of 2020. However, more precise details on its infection and distribution methods are still under investigation.

Adequate protection from file-locking Trojans always includes a backup of any media files that the owners can't afford to lose outright in an infection. Backing up data to remote cloud servers or removable storage lets users restore their work later, after dealing with the Trojan and the security breach. Note that the Cring Ransomware may not be the only threat on the system; affected users should disable internet connectivity and change at-risk passwords while troubleshooting all possibilities.
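The 'cring' marker and the backup advice above combine into a simple recovery-scoping step. The following is an added example, not code from the original article: it lists every marked file under a folder and checks whether a clean copy exists in a backup folder. The function names are hypothetical, and it assumes the marker is appended to the original file name and that the backup mirrors the live folder layout.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".cring"  # extension the article says is added to locked files


def plan_restore(live_root, backup_root):
    """Map each locked file under live_root to its copy under backup_root.

    Assumption: the marker is appended to the original name
    (report.docx.cring) and the backup mirrors the live layout.
    """
    live_root, backup_root = Path(live_root), Path(backup_root)
    restorable, missing = [], []
    for dirpath, _dirs, files in os.walk(live_root):
        for name in files:
            # Match case-insensitively; skip a file named only ".cring".
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            locked = Path(dirpath) / name
            original = locked.relative_to(live_root).with_name(name[:-len(MARKER)])
            candidate = backup_root / original
            # A backup that was reachable during the attack may be locked too,
            # so only a plain, non-empty copy counts as restorable.
            if candidate.is_file() and candidate.stat().st_size > 0:
                restorable.append((locked, candidate))
            else:
                missing.append(locked)
    return sorted(restorable), sorted(missing)


def demo():
    """Build a constructed sample tree and return the plan as file names."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (live / "docs" / "report.docx.cring").write_bytes(b"\x00locked")
        (live / "docs" / "notes.txt.CRING").write_bytes(b"\x00locked")
        (live / "docs" / "untouched.txt").write_text("still readable")
        (backup / "docs" / "report.docx").write_text("clean copy")
        (backup / "docs" / "notes.txt.cring").write_bytes(b"\x00locked")
        ok, lost = plan_restore(live, backup)
        return [l.name for l, _ in ok], [l.name for l in lost]


if __name__ == "__main__":
    print(demo())
```

Files in the second list have no clean counterpart in the backup, which is the data actually at risk; run the scan only against a copy or an isolated system, since the article notes other threats may still be present.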

Dedicated anti-malware services are traditionally deft at removing file-locking Trojans, even entirely independent ones like the Cring Ransomware. Malware experts do not encourage manual removal of the Cring Ransomware because of the risks to both the system's safety and the integrity of any remaining files.

The Cring Ransomware may have new words worth saying, but its behavior tells the entirety of its story. Threat actors with ransoms on their minds may strike through e-mail phishing lures, supply-chain-compromised updates, or brute-forcing passwords. Still, attentive employees can usually defend against these attacks.