
ClicoCrypter Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 12
First Seen: August 18, 2017
Last Seen: September 18, 2021
OS(es) Affected: Windows

The ClicoCrypter Ransomware is an encryption ransomware Trojan. A computer security firm based in Poland, Clico.pl, develops the ClicoCrypter Ransomware. The ClicoCrypter Ransomware's creators are working together with anti-virus developers to help computer users better protect their machines from ransomware Trojans like the ClicoCrypter Ransomware. The first release of the ClicoCrypter Ransomware was scheduled for mid-August 2017. The ClicoCrypter Ransomware is distributed using phishing email messages that appear to come from reputable companies based in Poland, such as mobile phone providers and banks. The ClicoCrypter Ransomware may be delivered using an email attachment that takes the form of a Microsoft Word document. These documents carry macro scripts that download and install the ClicoCrypter Ransomware onto the victim's computer.

The Powerful Encryption Method Used by the ClicoCrypter Ransomware

The ClicoCrypter Ransomware runs as an executable file named 'Ksiegowosc2017.pdf.exe.' After it has infiltrated a computer, the ClicoCrypter Ransomware connects to its Command and Control server and relays information about the infected computer. The ClicoCrypter Ransomware uses AES encryption to encrypt the victim's files, making them inaccessible. It then uses RSA encryption to encrypt the decryption key generated from the AES encryption process. The vast majority of encryption ransomware Trojans use this method since it guarantees that the victim's files will become inaccessible after the attack.

How the ClicoCrypter Ransomware Carries out Its Attack

Like other encryption ransomware Trojans, the ClicoCrypter Ransomware will target the files generated by the computer user, ranging from audio, video, music, photos, texts, eBooks, spreadsheets, etc. to files associated with commonly used software such as Microsoft Office, WinRAR, 7ZIP, Adobe Acrobat, and numerous others. The ClicoCrypter Ransomware will mark the files encrypted in the attack by adding the file extension '.enc' to the end of each affected file. As with most encryption ransomware Trojans, once the victim's files have been encrypted by the ClicoCrypter Ransomware attack, they are no longer readable or usable.
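The two observable traits described above, the double-extension executable name and the '.enc' suffix added to affected files, can be combined into a simple triage check over file-system events. This is an added example, not code from the original article or from Clico; the event tuple format, extension lists, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample file-system events: (seconds, pid, action, path). Not real telemetry.
EVENTS = [(0, 4120, "exec", r"C:\Users\anna\Downloads\Ksiegowosc2017.pdf.exe"),
          (1, 3300, "exec", r"C:\Program Files\Reader\reader.exe"),
          (5, 3300, "rename", r"C:\Users\anna\Documents\backup.tar.enc")]
EVENTS += [(10 + i, 4120, "rename", rf"C:\Users\anna\Documents\plik{i}.docx.enc")
           for i in range(8)]

DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}  # assumed decoy extensions
EXE_EXTS = {"exe", "scr", "com", "pif"}                         # assumed executable extensions


def is_double_extension(path):
    """True for names like 'Ksiegowosc2017.pdf.exe': a document extension, then an executable one."""
    parts = path.replace("\\", "/").rsplit("/", 1)[-1].lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXE_EXTS and parts[-2] in DOC_EXTS


def enc_rename_bursts(events, suffix=".enc", threshold=5, window=60):
    """Return pids that renamed at least `threshold` files to *suffix within `window` seconds."""
    times = defaultdict(list)
    for ts, pid, action, path in events:
        if action == "rename" and path.lower().endswith(suffix):
            times[pid].append(ts)
    flagged = set()
    for pid, stamps in times.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(pid)
                break
    return flagged


def triage(events):
    """Report both signals per process; a process showing both is the highest priority."""
    masq = {pid for _, pid, action, path in events
            if action == "exec" and is_double_extension(path)}
    bursts = enc_rename_bursts(events)
    return {pid: {"double_extension": pid in masq, "enc_burst": pid in bursts}
            for pid in masq | bursts}


if __name__ == "__main__":
    print(triage(EVENTS))
```

A single '.enc' rename by an unrelated process (pid 3300 in the sample) stays below the burst threshold and is not reported.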

The ClicoCrypter Ransomware 'Ransom Demand'

After encrypting the victim's files, most encryption ransomware Trojans display a ransom demand asking for large amounts of money. The ClicoCrypter Ransomware also displays a 'ransom demand,' but because the ClicoCrypter Ransomware was developed as a way to develop better anti-virus and security measures, its ransom demand is somewhat silly and does not demand that the victim pay money to recover. The ClicoCrypter Ransomware's ransom note is displayed in a program window labeled 'READMYFIRST.info,' which displays the following Polish text:

'Wszystkie twoje pliki zostały zaszyfrowane. Aby je odzyskać oplac abonament ADB/TVR na najblizesz dzisiec lat. Nastepnie wejdź na stoi i krzyknij "JESTEM KRÓLEM ZWIERZĄT. Twoje pliki zostana przywrocone.
Masz na to 15 minut
KLUCZ SZYFRUJĄCY:'

The above text, translated into English, reads as follows:

'Clico Crypter says: All your personal files are now encrypted
All your files have been encrypted. To get back your ADB/TVR subscription fee for the last year. Then stand and shout "I AM THE KING OF ANIMALS." Your files will be restored.
You have 15 minutes
DECRYPTION KEY:'

The ClicoCrypter Ransomware ransom note itself gives victims the decryption key necessary to recover from the ClicoCrypter Ransomware attack. Encryption threats usually do not behave like this, meaning that most of the time the victim's files will be lost irreparably unless there are backups available. Because of this, the use of file backups is the best possible protection from encryption ransomware Trojans. Being able to restore the files encrypted by a ransomware attack from an external memory device or the cloud allows victims to bypass any ransom demands. The ClicoCrypter Ransomware is capable of carrying out an effective ransomware attack. It is not unlikely that the code for the ClicoCrypter Ransomware could leak, allowing con artists to tweak it so that instead of providing the decryption key, it will demand a real ransom payment from the victim. It's happened before, with other ransomware Trojans released for 'educational purposes' initially.
