Recently, a new cyberthreat has been unveiled. The ransomware goes by quite a ludicrous name: CuteRansom Ransomware. Such a name has not been associated with the ransomware for fun purposes. The ransom plays with the minds of its victims by naming its files with the keyword of “cute”. As a consequence, users are easily tricked when they:
- Check their emails and click on a link or download any attachment which carries the above-mentioned keyword.
- Similarly, they are equally deceived when they come across such files while downloading freeware on the vast realm of internet.
However, in reality, it is an extremely dangerous ransomware. According to cybersecurity experts, its codebase is inspired from an open source Chinese code which is known as My-Little-Ransomware. So far, it mostly affects users based in China.
Like other standard ransomware, CuteRansom also locks user files and asks for money in exchange for ransomware removal. However, what makes it different is its operation with Google Docs. It utilizes Google’s online tool to save its victims’ data like name, birth history, password, credit card, and other critical details. Even the decryption key which can prove useful for ransomware removal, is stored in these docs. Hence, the ransomware effectively transforms Google Docs—one of the most productive software in the world—as a command & and control center for its evil machinations.
Security analysts state that the ransomware is composed of code belonging to the .NET ecosystem. A highly powerful version of RSA is used to damage user files and incorporated to disable the access of users to their desired files. An extension of .6db8 is used by the ransomware to lock the files. For instance, if you had a file myimage.png then after CuteRansom enters your computer; it encrypts the file where it now appears as myimage.png.6db8.
