A new strain of malware called cuteRansomware has been uncovered that uses a Google Doc generated by cybercriminals to host the decryption key and command-and-control functionality. Travis Smith, Senior Security Research Engineer at Tripwire commented below.
Travis Smith, Senior Security Research Engineer at Tripwire:
“What makes cuteRansomware interesting is the usage of a well-known cloud service provider to as the command and control server. This instance is using Google Docs to maintain the encryption and decryption keys for each victim. While unique, hosting the keys on Google Docs is a short term solution. Once Google is notified, it’s likely the form controlling the keys will be taken offline.
As with any piece of ransomware, it’s important to follow best practices such as keeping backups of important files, even if they are stored on the cloud. Just because files are stored in the cloud, doesn’t mean that they are safe from the greedy grasp of ransomware.”