Home Malware Programs Ransomware Cring Ransomware

Cring Ransomware

Posted: January 28, 2021

The Cring Ransomware is a newly spotted file-locker that appears to be part of a more sophisticated attack campaign. The criminals usually deploy the Cring Ransomware in the last stage of the attack, and before this, they use the MIMIKATZ tool to snatch data and credentials. In addition to this, they have been observed to deploy a cracked copy of the CobaltStrike framework.

The Cring Ransomware is a major point of interest in this campaign because it appears to be very threatening ransomware that has proven to be incompatible with free decryption software. When the Cring Ransomware infects a computer, it encrypts most of the files stored on the hard drive and then marks their names with the extension '.Cring.' On top of this, it drops the ransom note 'deReadMe!!!.txt' to the desktop.

The latter file informs the victims that the files on their network have been encrypted, and the only recovery option is to purchase a decryption service from the criminals. They offer to unlock up to two files for free to prove their ability to complete the task. The emails they provide are eternalnightmare@tutanota.com and qkhooks0708@protonmail.com.

We advise users not to get in touch with Cring Ransomware's creators and to look for other file recovery options. Paying the ransom fee is not a guarantee that you will get your files back, and it is entirely possible that the criminals might trick you. Last but not least, they are likely to demands thousands of dollars. The Cring Ransomware's attack can be prevented with the use of a regularly updated anti-virus tool.

Loading...