CryForMe Ransomware

The CryForMe Ransomware is an encryption ransomware Trojan that was observed on June 14, 2017. The CryForMe Ransomware is one of the countless variants of HiddenTear, an open source ransomware platform that has spawned countless variants since it first appeared in the Summer of 2015. The CryForMe Ransomware may be delivered to victims through the use of a corrupted Microsoft Word document, which will execute compromised scripts on the victim's computers to download and install the CryForMe Ransomware onto the targeted computers. Once the CryForMe Ransomware is installed, the CryForMe Ransomware will encrypt the victim's files and then ask for a ransom to recover the affected files.

Instead of CryForMe It should be ICryForYou

There is virtually no difference between the CryForMe Ransomware and the countless other ransomware variants that are active currently. The CryForMe Ransomware is identical to other HiddenTear variants, especially, which carry out an effective ransomware attack. The CryForMe Ransomware can be recognized because of its characteristic ransom note, and the files encrypted by the CryForMe Ransomware attack will be marked with the file extension '.cfm,' which is added to each affected file's name. During its attack, the CryForMe Ransomware will target the user-generated files, looking for files associated with software such as Microsoft Word, Libre Office, Adobe Acrobat, etc., as well as media files such as photos, videos and music. After the CryForMe Ransomware encrypts its victim's files, it will deliver a ransom note demanding a ransom to receive the decryption key necessary to recover the affected files. The CryForMe Ransomware's ransom note is displayed in a program window that pops up and displays the following message to the victim:

'Your file have been ENCRYPTED !!!
-What Happened to My Computer?
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.
-Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time.
If you want to decrypt all your files, you need to pay.
You only have 7 days to submit the payment. After that the price will be doubled.
Once the price doubled you have other 7 day for pay, otherside the price will be very high.
How Do I Pay?
Payment is accepted in Bitcoin only.
Please check the current price of Bitcoin and buy some bitcoins.
And send the correct amount to the address specified in this window.
In the payment description insert your name, your PC name, and your email (so we can send you the password.
-What happens after the payment?
After the payments we send you the password for the decrypt.
You have to click "Decrypt" button and insert the password; after this you have your files back.
PROMISE!
***
Send 250 € to this BITCOIN address:
19Roobh13zMQ9iNbN7GiaoSzbdkAiMRw7c [Copy]
PASSWORD HERE [Decrypt]'

How the CryForMe Ransomware Demands Its Ransom Payment

The CryForMe Ransomware demands that the victim pays a ransom of 250 euro in BitCoins, transferring it to the attackers' BitCoin wallet. The people responsible for the CryForMe Ransomware attack promise to provide the decryption software after the victim pays the ransom. However, this rarely happens. The extortionists responsible for these attacks are just as likely to ignore the ransom payment or re-infect the victim's computer, often asking for more money after the initial payment. Because of this, malware analysts advise computer users to avoid paying these ransoms. Instead, they should have file backups, which can allow them to recover from a CryForMe Ransomware attack quickly without having to resort to having to trust the people carrying out the attack. File backups combined with a reliable security application are the best protection against the CryForMe Ransomware.