CradleCore
NJCCIC Threat Profile
Original Release Date: 2017-04-24
CradleCore, also known as Cradle Ransomware, is a Ransomware-as-a-Service (RaaS) kit currently being sold as source code on the Dark Web for a starting price of 0.35 Bitcoin. It is written in C++ and includes PHP server scripts and a payment panel. It also contains a sandbox-detection feature. CradleCore's developer boasts that the RSA public and private keys work both online and offline, suggesting that this ransomware can complete the encryption process even after an infected system is disconnected from the network. It targets over 300 file extensions in systems running Windows OS, encrypts files using the Blowfish symmetric block cipher, appends .cradle to file names, and drops a ransom note named \HOW_TO_UNLOCK_FILES_.html_. CradleCore supports ransom payments in the form of Bitcoin, Ethereum, and Monero.
- Forcepoint provides more information about CradleCore here.
- The NJCCIC is not currently aware of any free decryption tools for CradleCore.
Featured Content
- Sextortion & Romance Scams Continue with New Tactics>
- Increase in Reports of Gift Card Scams>
- Phishing-as-a-Service Operation Identified>
- Vaccination Lures in Recent Phishing Campaigns>
- Cryptocurrency Scams Increase>
- FortiGate SSL-VPN Credentials Leaked by Threat Actors>
- Microsoft Patches Several Actively Exploited Flaws>
- Updates Available for Actively Exploited Flaws in Apple Devices>
- Back-to-School Cybersecurity>
- Test Your Cybersecurity Knowledge - Take Our Cyber Quiz Today>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.