NoCry is a new ransomware threat that has been detected in the wild. Infosec researchers determined that this new malware is a variant of the previously observed Stupid Ransomware and the Judge Ransomware. As such, its behavior is nearly identical to that of the other two threats. The NoCry Ransomware also creates a mutex to ensure that only a single instance of the threat is running at any given time. The same anti-VM and anti-sandbox techniques are used here as well, and the threat is capable of deleting the System Restore Points.
Any characteristics that set the NoCry Ransomware apart can be described as mostly superficial. It uses '.Cry' as the extension marking the encrypted files, while the ransom note is designed to visually mimic the one delivered by the WannaCry Ransomware. The hackers responsible for releasing the NoCry Ransomware want to receive a ransom paid in the Bitcoin cryptocurrency. To create a sense of panic and instill urgency in their victims, the malware displays a countdown timer that starts at 72 hours. With the Judge Ransomware, the timer running out would lead to an increase in the sum demanded by the hackers. The NoCry Ransomware, on the other hand, threatens its victims with a far more serious consequence: the ransomware threat will delete itself. At first glance, that might seem like a good thing. The problem is that the window generated by the malware contains the field for the decryption key and the 'Decrypt' button, which is the intended way for users to get their files back. Without the NoCry Ransomware being present on the system, that will no longer be possible.
Free Decryptor Available
Fortunately, victims of the NoCry Ransomware don't have to rely on the cybercriminals at all to get their files back. Infosec researchers managed to create a decryptor for the files locked by the Judge Ransomware. The decryptor was made available as part of the NoMoreRansom initiative. Due to the extensive similarities between the two threats, the same decryptor also works for files affected by the NoCry Ransomware. Keep in mind, however, that the malware threat must be removed from the computer completely before any decryption attempts are made.