When Microsoft revealed earlier this month that Chinese spies had gone on a historic hacking spree, observers reasonably feared that other criminals would soon ride that group’s coattails. In fact, it didn’t take long: A new strain of ransomware called DearCry attacked Exchange servers using the same vulnerabilities as early as March 9. While DearCry was first on the scene, on closer inspection it has turned out to be a bit of an odd cybercrime duck.
It’s not that DearCry is uniquely sophisticated. In fact, compared to the slick operations that permeate the world of ransomware today, it’s practically crude. It’s bare-bones, for one, eschewing a command-and-control server and automated countdown timers in favor of direct human interaction. It lacks basic obfuscation techniques that would make it harder for network defenders to spot and preemptively block. It also encrypts certain file types whose loss makes it harder for a victim to operate their computer at all, even to pay the ransom.