Getting hit by a ransomware is one of the worst predicaments that could happen to netizens. With the world’s migration to the e-space, the realization that your personal or business data is locked can be haunting for many individuals and businesses. Recently, a ransomware removal researcher was able to detect a cyberthreat lurking around in the security circles. The ransomware is known as CreamPie Ransomware. Luckily, early analysis has identified it as an underdeveloped release. Despite the inexperience displayed by its creators, the ransomware can be dangerous for your PC.
Initial Analysis
CreamPie uses malware spam for its distribution mechanism. Malware spams are those e-mails that are corrupted with malicious components. The ransomware embedded in their files cling on to the victim’s PC after an action is performed by the victims.
As the ransomware uses the victim’s naivety to enter the PC, it will then tinker with the operating system. This means that if you are using Windows OS, then CreamPie will go on to create its own processes. These processes run in the background and will change the keys of the Windows Registry.
Since, Windows Registry can configure device drivers, services, kernel and other OS components, changing its data means getting the license to control the entire PC of the victims. As a result, escaping the ransomware by just restarting the PC or network for ransomware removal is not possible.
Ransomware removal experts have concluded that the ransomware uses Advanced Encryption Standard (AES) to encrypt and lock the files. An extension of ‘[[email protected]].CreamPie’ is added to the end of the affected files.
However, unlike other ransomware, CreamPie has failed to add the ransom note that holds the detail about the ransom amount and its delivery method. Some ransomware removal experts believe that it was a rookie mistake while there are also those who fear that this may be a testing release and a more updated version may appear in the future.
