This week, ID-Ransomware's Michael Gillespie noticed what appeared to be a new variant of the Crysis/Dharma Ransomware uploaded to his ID-Ransomware site. Jakub Kroustek then discovered a sample to confirm that it was indeed a new Crysis variant. This new version will append the .cobra extension to encrypted files. It is not known exactly how this variant is being distributed, but in the past Crysis was typically spread by hacking into Remote Desktop Services and manually installing the ransomware.
When this Cobra ransomware variant is installed, it will scan a computer for data files and encrypt them. When encrypting a file, it will append an extension in the format of .id-[id].[email].cobra. For example, a file called [B]test.jpg[/B] would be encrypted and renamed to [B]test.jpg.id-BCBEF350.[cranbery@colorendgrace.com].cobra[/B].
It should be noted that this ransomware will encrypt mapped network drives and unmapped network shares. So it is important to make sure your network's shares are locked down so that only those who actually need access have permission.
You can see an example of a folder encrypted by the Cobra Ransomware variant below.
...
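For triage, the renamed-file format described above can be parsed to recover each file's original name and to group affected files by victim ID and contact address. This is an added example, not code from the original post; it assumes the ID is always 8 hex characters, as in the single example given, and the function names and sample paths are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the victim ID is 8 hex characters, as in the post's single
# example (BCBEF350); the bracketed part is the contact e-mail address.
COBRA_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\[\]]+@[^\[\]]+)\]\.cobra$",
    re.IGNORECASE,
)

def parse_cobra_name(filename):
    """Return (original_name, victim_id, contact), or None if not a match."""
    m = COBRA_NAME.match(filename)
    if not m:
        return None
    return (m.group("original"), m.group("victim_id").upper(),
            m.group("contact").lower())

def triage(paths):
    """Group renamed files by victim ID; unrelated files are skipped."""
    report = defaultdict(lambda: {"contacts": set(), "files": []})
    for path in paths:
        # Split on both separators so Windows and UNC paths work on any OS.
        name = re.split(r"[\\/]", path)[-1]
        parsed = parse_cobra_name(name)
        if parsed is None:
            continue
        original, victim_id, contact = parsed
        report[victim_id]["contacts"].add(contact)
        report[victim_id]["files"].append((path, original))
    return dict(report)

# Constructed sample listing (local drive, network share, unrelated files).
SAMPLE_PATHS = [
    r"C:\Users\alice\Pictures\test.jpg.id-BCBEF350.[cranbery@colorendgrace.com].cobra",
    r"\\fileserver\finance\q3.xlsx.id-BCBEF350.[cranbery@colorendgrace.com].cobra",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Documents\snake.cobra",
    "/mnt/share/report.final.docx.id-0a1b2c3d.[cranbery@colorendgrace.com].cobra",
]

if __name__ == "__main__":
    for vid, info in triage(SAMPLE_PATHS).items():
        print(vid, sorted(info["contacts"]), len(info["files"]), "file(s)")
        for path, original in info["files"]:
            print("   ", path, "->", original)
```

Matches on a network share point to the shares that need their permissions reviewed first.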