CryLocker Ransomware Gathers Victim Wi-Fi Network Information and Location on Google Maps
- Over 10,000 users have been infected by CryLocker ransomware.
- File extensions are changed to *.CRY. Detected by Trend Micro and MalwareHunterTeam.
- It spreads through free online image hosting sites.
Cybercriminals can track their victims through PNG image files. After obtaining information from the victim's computer, CryLocker sends a PNG file to an Imgur album.
According to Trend Micro:
A malvertising (malicious advertising) campaign was found to be distributing this ransomware through Rig exploit kit last September 1. From September 2 onwards, this campaign stopped pushing this threat as their payload. Upon closer inspection to the uploaded PNG files in Imgur, the initial information we spotted there was encrypted as early as August 25.
The ransomware detects certain languages, such as Belarusian, Kazakh, Russian, Sakha, Ukrainian and Uzbek.
Figure: CryLocker ransomware note. Credit: Trend Micro
How does it work?
CryLocker first copies the files and encrypts the copies, then deletes the original files. Various other ransomware families only encrypt the computer's data. CryLocker's developers ask the victim to pay 1.1 Bitcoin (around $630 USD) to unlock their files. The ransomware also detects Wi-Fi network details to show the victim's location on Google Maps.
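A defender-side sketch of how the copy, encrypt, delete behaviour and the *.CRY extension described above could be spotted in file-activity telemetry. This is an added example, not code from Trend Micro or the original post; the event tuple format, the thresholds and the sample paths are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample file-activity events (not real telemetry):
# (seconds since start, process id, operation, path)
SAMPLE_EVENTS = [
    (0.0, 4120, "create", r"C:\Users\a\Documents\report.docx.cry"),
    (0.4, 4120, "delete", r"C:\Users\a\Documents\report.docx"),
    (0.9, 4120, "create", r"C:\Users\a\Pictures\trip.jpg.cry"),
    (1.1, 4120, "delete", r"C:\Users\a\Pictures\trip.jpg"),
    (1.6, 4120, "create", r"C:\Users\a\Desktop\budget.xlsx.cry"),
    (1.9, 4120, "delete", r"C:\Users\a\Desktop\budget.xlsx"),
    (2.0, 2088, "create", r"C:\Users\a\Downloads\setup.exe"),
    (30.0, 2088, "delete", r"C:\Users\a\AppData\Local\Temp\cache.tmp"),
    (95.0, 7700, "create", r"C:\Users\a\Documents\notes.cry"),
]


def flag_copy_encrypt_delete(events, ext=".cry", window=60.0, threshold=3):
    """Return the sorted process ids that, inside one sliding time window,
    created at least `threshold` files ending in `ext` and deleted at least
    `threshold` files that do not end in `ext` (the presumed originals)."""
    recent = defaultdict(deque)  # pid -> (timestamp, kind) events still in window
    flagged = set()
    for ts, pid, op, path in sorted(events):
        encrypted_name = path.lower().endswith(ext)
        if op == "create" and encrypted_name:
            kind = "new_cry"
        elif op == "delete" and not encrypted_name:
            kind = "del_orig"
        else:
            continue  # event is irrelevant to this heuristic
        q = recent[pid]
        q.append((ts, kind))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        kinds = [k for _, k in q]
        if (kinds.count("new_cry") >= threshold
                and kinds.count("del_orig") >= threshold):
            flagged.add(pid)
    return sorted(flagged)


if __name__ == "__main__":
    print("Suspicious process ids:", flag_copy_encrypt_delete(SAMPLE_EVENTS))
```

The threshold and window are tuning knobs: a single *.cry file or a lone temp-file deletion does not trigger the rule, only the combined burst does.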
How can we protect ourselves?
- Do not click on suspicious files.
- Always keep your browser protection turned on.