
Click Me Ransomware

By GoldSparrow in Ransomware

The Click Me Ransomware may seem like a joke to some users, considering that many researchers label it as In-Development Ransomware and that the Trojan is delivered by free software pretending to be a game. The Click Me Ransomware is deployed via a simple downloader packed as 'Click Me Game FREE,' which users may be offered to install through spam email and ads shown by adware. Computer users who play strategy games are likely to be aware of the term 'actions per minute' (APM), which denotes how many actions a player can make per minute and is used as an indicator of how effective a player is. Competitive gamers playing StarCraft 2 and similar titles might be interested in a free app like 'Click Me Game FREE.'

Users are Baited to Install the Click Me Ransomware

The program window of 'Click Me Game FREE' features a fun image and a single button that says 'Clcik me.' Variants of the 'Click Me Game FREE' app may come with pornographic images as well. 'Click Me Game FREE' serves as a downloader and installer for the Click Me Ransomware. As soon as the user presses the 'Click Me' button, the application connects to a remote host and installs the Click Me Ransomware to the Temp directory, where temporary Internet files are usually stored. Ironically, the Encryption Trojan is installed as ransom.exe and is programmed to begin the encryption procedure after an index of the targeted files is created. The Click Me Ransomware is known to encode file types associated with images, audio, video, presentations, text and spreadsheets. The Click Me Encryption Trojan is likely to corrupt data containers in the following formats:

.3GP, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .JAVA, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DXF, .DWG, .DRW, .CASB, .CCP.

Your SSD and HDD Drives are Vulnerable to the Click Me Ransomware

At the time of writing this, the Click Me Ransomware is unable to encode objects on NAS (network-attached storage) drives, but we may see upgraded versions in the future. The initial release of the Click Me Ransomware used the AES-256 cipher to lock objects and appended the '.hacked' suffix to their names. For example, 'titanomyrma_giganteum.pptx' will be encoded to 'titanomyrma_giganteum.pptx.hacked' and the user will not be able to present a report on a prehistoric giant ant. As soon as the encryption procedure is completed, the user will be presented with the following message written in Farsi, which is a language descended from Old Persian:

'Alright, my dear brother!!!
Enough free playing. Your files have been encrypted. Pay so much this much money so I can send you the password for your files.
I can be paid this much too cause I am very kind.
So move on I didn’t raise the price.'

As you can see, no price for decryption is provided, and the creator may set a price in newer variants of the Click Me Ransomware. No email address is provided either, which leads us to believe that the Click Me Ransomware may be a test build. AV vendors might detect DLLs and executables linked to the Click Me Ransomware as:

  • Ransom_CLICKMEG.A
  • TR/Agent.jjjkr
  • Trojan.GenericKD.3611661
  • Trojan.GenericKD.3611661 (B)
  • Trojan.MSIL.TrojanClicker
  • W32.Troj.Ransom.Filecoder!c
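
The file-level traces described above (the '.hacked' suffix appended to targeted file types and the ransom.exe payload in the Temp directory) can be checked with a short triage script. This is an added example, not code from the original article or from any vendor; the function names and the report layout are assumptions made for illustration, and the sample files in the demo are constructed.

```python
import os
import tempfile
from datetime import datetime, timezone

# Targeted extensions as listed on this page (lower-cased, dots dropped).
TARGETED = set("""3gp apk avi bmp cdr cer chm conf css csv dat db dbf djvu dbx docm
doc epub docx fb2 flv gif gz iso ibooks jpeg jpg mkv mov mp3 mp4 mpg mpeg pict pdf
pps pkg png ppt pptx ppsx psd rtf scr swf sav tiff tif tbl torrent txt vsd wmv xls
xlsx xps xml java c cpp cs js php dacpac rbw rb mrg dcx dxf dwg drw casb ccp""".split())
MARKER = ".hacked"       # suffix appended after encryption, per the page
PAYLOAD = "ransom.exe"   # payload file name dropped in Temp, per the page

def classify(filename):
    """Return 'encrypted', 'payload' or None for one file name (hypothetical helper)."""
    name = filename.lower()
    if name == PAYLOAD:
        return "payload"
    if name.endswith(MARKER):
        original = name[: -len(MARKER)]          # e.g. report.pptx
        _, dot, ext = original.rpartition(".")
        if dot and ext in TARGETED:
            return "encrypted"
    return None

def triage(data_roots, temp_dir=None):
    """Walk data_roots for renamed files and temp_dir for the payload."""
    temp_dir = temp_dir or tempfile.gettempdir()
    report = {"encrypted": [], "payload": [], "first_seen": None, "last_seen": None}
    for root in data_roots:
        for dirpath, _dirs, files in os.walk(root):
            for f in files:
                if classify(f) == "encrypted":
                    report["encrypted"].append(os.path.join(dirpath, f))
    for dirpath, _dirs, files in os.walk(temp_dir):
        report["payload"] += [os.path.join(dirpath, f) for f in files
                              if classify(f) == "payload"]
    # mtimes of the renamed files bound the encryption window for a timeline
    times = [os.path.getmtime(p) for p in report["encrypted"]]
    if times:
        report["first_seen"] = datetime.fromtimestamp(min(times), timezone.utc)
        report["last_seen"] = datetime.fromtimestamp(max(times), timezone.utc)
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:     # constructed sample tree
        for n in ("titanomyrma_giganteum.pptx.hacked", "notes.txt", PAYLOAD):
            open(os.path.join(d, n), "w").close()
        print(triage([d], temp_dir=d))
```

A file name match is only a lead: other software may use the same suffix or executable name, so confirm any hit with an anti-malware scan before acting on it.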

Avoid downloading pirated games and software offered in spam email. You might want to stick to a schedule of creating backups regularly and store the backups on removable storage like portable SSD and HDD drives. Services like Google Drive and Dropbox might prove very useful and help you manage backup images easily. PC users should consider installing a credible anti-malware shield to minimize the attack surface that third parties can exploit to compromise their defenses.
