A new ransomware called FileCry, named after WannaCry, has been discovered and analyzed by researchers. Upon successful encryption, the virus asks for 0.035 BTC to decrypt the files. After the ransomware is run, all files, including files in subfolders, are encrypted and the suffix .filecry is appended to each file. A dialog box is then displayed directing victims to a Bitcoin wallet and an email address for payment, after which the actors will send a decryption key. The encryption algorithm itself is simplistic: it only adds 1 to each byte of file data on the victim’s computer. The decryption key appears to be hard-coded directly in the function that checks the decryption key.
The current version of the FileCry ransomware encryption algorithm is very “plain”. It adds 1 to each byte of the file data on the victim’s computer (that is, it increments the byte’s ASCII code value), and then appends the suffix .filecry to the file name, which completes the file encryption operation.
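Because the transform described above is a fixed per-byte increment, affected files can be restored without the actors' key. The following recovery sketch is an added example, not code from the original analysis or from the malware. It assumes the increment wraps modulo 256 (0xFF becomes 0x00) and covers the whole file, neither of which the report states; the function names and the signature table are illustrative.

```python
import os
import sys

SUFFIX = ".filecry"  # appended suffix, as reported above
# Lookup table mapping every encrypted byte back by one.
# Assumption: the +1 wraps modulo 256 (0xFF became 0x00).
UNSHIFT = bytes((b - 1) % 256 for b in range(256))

# Well-known file signatures used to sanity-check a recovered file.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".zip": b"PK\x03\x04",
         ".docx": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff"}


def unshift(data: bytes) -> bytes:
    """Reverse the per-byte +1 transform."""
    return data.translate(UNSHIFT)


def looks_valid(name: str, plain: bytes) -> bool:
    """True if the recovered bytes match the signature for the original
    extension, or if no signature is known for that extension."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    return magic is None or plain.startswith(magic)


def recover_tree(root: str) -> dict:
    """Write a recovered copy beside every *.filecry file under root.
    Encrypted files are left untouched. Returns {path: status}."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.endswith(SUFFIX):
                continue
            src = os.path.join(folder, fname)
            dst = src[: -len(SUFFIX)]
            if os.path.exists(dst):
                results[src] = "exists"  # never overwrite existing data
                continue
            with open(src, "rb") as fh:
                plain = unshift(fh.read())
            if not looks_valid(dst, plain):
                results[src] = "mismatch"  # transform assumption may not hold
                continue
            with open(dst, "wb") as fh:
                fh.write(plain)
            results[src] = "ok"
    return results


if __name__ == "__main__":
    for path, status in recover_tree(sys.argv[1]).items():
        print(status, path)
```

Run it against a copy of the affected directory; a `mismatch` status means the recovered bytes did not match the expected file signature, so that sample may come from a variant using a different transform.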