Threat Encyclopedia

W32/DearCry.OGE!tr.ransom is a generic detection for the DearCry ransomware trojan. Because it is a generic detection, samples flagged under this name may vary in behaviour.
Below are some of its observed characteristics/behaviours:

  • This malware may drop the following file:
    • readme.txt : dropped into directories across the affected host's drives; it serves as the ransom note.

  • Encrypted files are renamed using the format [OriginalFileName.Ext].CRYPT, i.e. the original name and extension are kept and .CRYPT is appended.

  • The malware may target files with the following extensions:
    • Python source code files
    • Executable files (.exe)

  • This malware was also observed to encrypt files located on shared (network) drives, not only on local volumes.

  • Below is an illustration of the malware's ransom note:

    • Figure 1: Ransom note.

  • Following are some of the IOCs (MD5 file hashes of samples) associated with this detection:
    • 0e55ead3b8fd305d9a54f78c7b56741a
    • 6be28a4523984698e7154671f73361bf
    • 9f05994819a3d8c1a3769352c7c39d1d
    • c6eeb14485d93f4e30fb79f3a57518fc
    • cdda3913408c4c46a6c575421485fa5b
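
The indicators above can be turned into a simple host sweep. The following script is an added example written for this page, not Fortinet's code or a tool from the DearCry analysis: it walks a directory tree, flags files whose MD5 matches one of the listed hashes, files carrying the .CRYPT suffix, and directories containing a readme.txt ransom note. The sample directory it builds is constructed for the demo, and the ransom-note text it writes is a placeholder, not the real note.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# MD5 hashes listed on the page for W32/DearCry.OGE!tr.ransom
DEARCRY_MD5 = {
    "0e55ead3b8fd305d9a54f78c7b56741a",
    "6be28a4523984698e7154671f73361bf",
    "9f05994819a3d8c1a3769352c7c39d1d",
    "c6eeb14485d93f4e30fb79f3a57518fc",
    "cdda3913408c4c46a6c575421485fa5b",
}

# Post-encryption artefacts described on the page
ENCRYPTED_SUFFIX = ".CRYPT"
RANSOM_NOTE_NAME = "readme.txt"


def md5_of_file(path, chunk_size=1 << 20):
    """Stream a file through MD5 so large files do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root, ioc_hashes=DEARCRY_MD5):
    """Walk `root` and return sorted lists of findings:
    hash_hits    - files whose MD5 is in `ioc_hashes` (exact sample match only)
    encrypted    - files whose name ends in .CRYPT (case-insensitive)
    ransom_notes - readme.txt files, the ransom note the malware drops
    """
    findings = {"hash_hits": [], "encrypted": [], "ransom_notes": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE_NAME:
                findings["ransom_notes"].append(full)
            if name.upper().endswith(ENCRYPTED_SUFFIX):
                findings["encrypted"].append(full)
            try:
                if md5_of_file(full) in ioc_hashes:
                    findings["hash_hits"].append(full)
            except OSError:
                # Locked or unreadable file: skip it rather than abort the sweep
                pass
    for key in findings:
        findings[key].sort()
    return findings


def build_sample_tree():
    """Construct a temporary directory imitating an affected host (demo data, not a real infection)."""
    root = tempfile.mkdtemp(prefix="dearcry_demo_")
    docs = Path(root, "Users", "alice", "Documents")
    docs.mkdir(parents=True)
    (docs / "budget.xlsx.CRYPT").write_bytes(b"\x00constructed ciphertext")
    (docs / "tool.exe.CRYPT").write_bytes(b"\x00constructed ciphertext")
    (docs / "readme.txt").write_text("constructed ransom note placeholder\n")
    (Path(root) / "readme.txt").write_text("constructed ransom note placeholder\n")
    (docs / "notes.txt").write_text("unaffected file\n")   # should not be flagged
    return root


def cleanup(root):
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    demo_root = build_sample_tree()
    try:
        for category, paths in scan_tree(demo_root).items():
            print(f"{category}: {len(paths)}")
            for p in paths:
                print("   ", p)
    finally:
        cleanup(demo_root)
```

The hash check only catches the exact samples listed; a recompiled or packed variant will miss, which is why the .CRYPT suffix and the readme.txt note are the more durable signals of a host that has already been hit. A lone readme.txt is weak on its own (source trees and installers ship them routinely), so treat it as corroborating evidence next to .CRYPT files rather than a verdict by itself. Because the malware also encrypts shared drives, point the scan at mapped network shares as well as local volumes.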

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace affected files with clean backup copies. Files already renamed to .CRYPT are encrypted, not infected, and must be restored from backup; since the malware also reaches shared drives, check any network shares the host could write to before restoring.
  • Our FortiSandbox solution can flag this ransomware; see the sample report on W32/DearCry.OGE!tr.ransom.
