CLICO Cryptor 2 Ransomware
New version of Ransomware created to test AV and sandbox products
CLICO Cryptor 2 Ransomware (aka CLICO Crypter). Ransomware created to test AV and sandbox products. Java-based malware. Encrypts users' files using the AES128 algorithm. The encryption key is protected by an RSA2048 public key. This time we hunt for malware developers. Let's see where you work.
The new version looks like this:
The most important part is here:
If you open clicocryptor2 your current location will be reported:
We can recognize some AV vendors: Check Point (Israel), Fortinet and Palo Alto (US), Kaspersky (Russia), G Data (Germany).
Did you know that there were about 20 different versions of Clico Crypter and Crypter 2? The behavior was the same. There were only slight changes in the code: some comments, a print line. Every change made the cryptor invisible to most AV! Till January :) But a new version is coming...
You can find the first version here
You can also find us on Twitter