Ransomware Research
NoCry Ransomware
NoCry is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on October 1, 2021, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family
- NoCry
- First Seen
- October 1, 2021
How NoCry Ransomware Works
Targeted Files
f2a842eb78e2be3cd1d638a3dabcf21f8fbc35dcd768bb772f5e6080d1f246cc contains a lot of anti-vm, anti-debug tricks
File Encryption Patterns
NoCry modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..Cry
..IHA
Ransom Note and Payment Demands
After encrypting files, NoCry displays ransom notes demanding payment for file recovery:
How To Decrypt My Files.html
Ransom message:
notes/How To Decrypt My Files.html
Note locations:
Desktop
Ransom message:
notes/note.txt
Note locations:
Login
Technical Indicators
Associated Executable Files
The following executable files are associated with NoCry ransomware:
NoCry.exe
IHAransom.exe
sketchpro.exe
Elastio Can Help You
Don't let NoCry ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This NoCry ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like NoCry.
Last updated: July 30, 2025