Ransomware is probably the most dangerous type of cybernetic attacks out there, and you should stay away from it as much as possible if you care about your device. As the name suggests, such type of infection grabs your files, and you won’t have access to them anymore until you pay a ransom to a certain bank account.
Another new ransomware is threatening some Linux Servers, and it’s called NextCry. It targets only the clients of the NextCloud file sync and share service, which is enough to spread fear among the web.
NextCry cannot be detected with any popular antivirus, as far as we know. And fighting something you can’t see is really a big challenge. A NextCloud user called xact64 posted on a forum his experience with the pesky ransomware that gave him a lot of headaches. No antivirus engine on the VirusTotal scanning platform has been able to detect it. The guy wrote:
I realized immediately that my server got hacked and those files got encrypted. The first thing I did was pull the server to limit the damage that was being done (only 50% of my files got encrypted)
BleepingComputer even discovered that the NextCry ransomware is a Python script compiled in a Linux ELF binary using the pyInstaller.
The ransom demanded is $210
The ransom note gives you the bad news once you access a file named “READ_FOR_DECRYPT”, which says that the users’ data is encrypted with the AES algorithm with a 256-bit key. It demands the equivalent amount for $210 to unlock your files; otherwise, you can lose them. Actually, the hackers set a ransom of BTC 0.025, so that it will be more difficult for authorities to track them.
The best way to avoid infecting your device with ransomware or any other kind of virus remains this: avoid as much as possible to click on random links on the web, your mail, or even when someone sends you a file. Be skeptic about anything you see online, and this should do better than any antivirus.