
Researcher Karsten Hahn has found a new Windows ransomware strain called Try2Cry. The malware is wormable and spreads through USB drives and Windows Shortcut files. It is said to be a variant of Stupid Ransomware and comes in both wormable and non-wormable types. It scans for various file types and encrypts them, and it also places a copy of itself on USB flash drives so that it can infect other systems they are connected to.

New Ransomware Infecting Through USB Drives

Ransomware authors craft their malware so that it can sneak into vulnerable PCs in unanticipated ways and escape detection. In his latest disclosure, Karsten Hahn revealed a new ransomware called Try2Cry, which can infect systems and spread across the network via flash drives and Windows Shortcut (.lnk) files. Because it avoids the usual routes of phishing and abuse of legitimate tools, it can slip in covertly.

The researcher identified the malware as a variant of Stupid Ransomware that employs methods similar to those of Spora, Dinihou and Gamarue. It is also known to have two variants: wormable and non-wormable. Researchers say Try2Cry uses the Rijndael algorithm to encrypt files and targets file types such as .doc, .xls, .ppt, .jpg, .xlsx, .docx, .pptx, and .pdf. It skips systems with names like DESKTOP-PQ6NSM4 or IK-PC2 during the infection process.

It also places visible files on the system, such as ones with Arabic names or folder icons, which act as clickbait and lure the victim into clicking on them. These are probably the malicious Windows shortcut files, and if clicked or run, they could infect the PC.

Moreover, it is said to place a copy of itself on any connected USB flash drive, turning the drive into a carrier that preys on other systems it is connected to. Researchers said the malware is decryptable, but they still warn against plugging in unknown USB drives.
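A defender can check a USB drive for the two artifacts described above, shortcuts and dropped executables, before anyone opens anything on it. The script below is an added example, not code from the researcher or the original article; it identifies files by content rather than extension, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

# Shell Link (.lnk) header per MS-SHLLINK: HeaderSize 0x4C, then the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
PE_MAGIC = b"MZ"  # DOS/PE executable signature


def classify(path):
    """Return 'shortcut', 'executable' or None based on file content, not extension."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(LNK_MAGIC))
    except OSError:
        return None  # unreadable entry: nothing to classify
    if head == LNK_MAGIC:
        return "shortcut"
    if head.startswith(PE_MAGIC):
        return "executable"
    return None


def triage_drive_root(root):
    """List shortcuts and executables in the top level of a mounted drive."""
    findings = []
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if entry.is_file(follow_symlinks=False):
            kind = classify(entry.path)
            if kind:
                findings.append((entry.name, kind))
    return findings


def build_sample_drive(root):
    """Constructed sample content standing in for a mounted USB drive."""
    samples = {
        "Holiday photos.lnk": LNK_MAGIC + b"\x00" * 60,  # shortcut posing as a folder
        "Update.exe": PE_MAGIC + b"\x90" * 62,           # executable copied to the drive
        "notes.txt": b"meeting notes\n",                 # ordinary document
        "report.pdf": b"%PDF-1.4\n",                     # ordinary document
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        for name, kind in triage_drive_root(drive):
            print(f"review before opening: {name} ({kind})")
```

Run it against the drive's mount point on an analysis machine with autorun disabled; a hit means the file deserves inspection, not that it is Try2Cry.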
