NextCry Ransomware

Ransomware threats usually sneak into a computer and make sure to lock all the data present before they attempt to blackmail the victim into paying a ransom fee. However, some authors of ransomware threats are more creative. One of the newest spotted threats is called NextCry Ransomware. Instead of targeting computers, the NextCry Ransomware goes after a file-sharing service called NextCloud. The NextCloud service is popular both among regular users and small and large businesses. Users of the NextCloud platform have been targeted by the cyber crooks behind the NextCry Ransomware, and victims have had their data encrypted.

Encryption and Synchronization

When cybersecurity experts studied the NextCry Ransomware, they found that most of it is written in the Python programming language. The NextCry Ransomware can only operate on operating systems, which are UNIX-based, seeing as the executable is ELF Binary suited for the Linux OS. When the NextCry Ransomware infiltrates its target, it will scan the data and check the settings in regard to synchronization. Next, the NextCry Ransomware begins encrypting the targeted data. After this, the threat also will make sure to trigger the synchronization process. This would ensure that any backup copies of the files also will undergo the encryption process of the NextCry Ransomware. Depriving the user of a chance to retrieve their data from the backup makes it more likely that they will consider paying the ransom fee. When the NextCry Ransomware locks a file, it appends a '.nextcry' extension at the end of the filename.

Furthermore, this nasty data-encrypting Trojan also encodes the name of the locked files by applying the base64 method. In the ransom message, the attackers state that they would like to receive 0.25 Bitcoin (approximately $2,100 at the time of typing this post) as a ransom fee. The authors of the NextCry Ransomware provide an email address where they can be contacted for further information or instructions – ‘aksdkja0sdp@ctemplar.com.'

The NextCloud service stated that the recently released CVE-2019-11043 for an RCE (Remote Code Execution) vulnerability affecting NGINX Web server software aided the attackers in compromising the platform.

It is not a good idea to contact the creators of the NextCry Ransomware, and you should not give them your hard-earned cash either certainly. Make sure you have installed a legitimate anti-malware tool and keep your software up to date to diminish the chances of becoming a victim of ransomware.