CLICO Cryptor 2 Ransomware

A new version of the ransomware created to test AV and sandbox products

CLICO Cryptor 2 Ransomware (aka CLICO Crypter) is ransomware created to test AV and sandbox products. It is Java-based malware that encrypts users' files using the AES-128 algorithm. The encryption key is protected by an RSA-2048 public key. This time we hunt for malware developers. Let's see where you work.




The new version looks like this:





The most important part is here:

If you open clicocryptor2, your current location will be reported:







We can recognize some AV vendors: Check Point (Israel), Fortinet and Palo Alto (US), Kaspersky (Russia), G Data (Germany).

Did you know that there were about 20 different versions of Clico Crypter and Crypter 2? The behavior was the same. There were only slight changes in the code: some comments, a print line. Every change made the cryptor invisible to most AV! Till January :) But a new version is coming...


You can find the first version here
You can also find us on Twitter