CLICO Cryptor Ransomware

Ransomware created to test AV and sandbox products

CLICO Cryptor Ransomware (aka CLICO Crypter) is Java-based malware. It encrypts users' files using the AES-128 algorithm; the encryption key is protected by an RSA-2048 public key.

What they say about CLICO Cryptor

"The ClicoCrypter Ransomware is a product of the Polish PC security company of Clico and isn’t for public distribution or intended for attacking regular users. The Trojan does, however, demonstrate the effectiveness of the AES and RSA encryptions by searching the infected PC for formats of media to encrypt and block (such as DOC or JPG), similarly to threats like Hidden Tear and EDA2"

According to the technical analysis, the payload has many capabilities and could serve as a role model for many crypto-infections. The ClicoCrypter virus changes the desktop image of infected operating systems, removes Shadow Volume copies, and initiates changes in Windows Registry keys.

The case of the ClicoCrypter Ransomware serves as a study of a typical ransomware attack and is intended to allow researchers to develop a way to protect the user's data with minimal input from the user.

VirusTotal initial detection rate

Complete malware: 8/64 Results
Encryption module: 0/59 Results

Threat Level
Enigma Software: 10/10
Spywareremove: 10/10
Payload Security: 100/100
Lastline: 100/100

Technical analysis
