crylocker This Ransomware Exposes Users’ Location Data on the Internet

[vissha]

This Ransomware Exposes Users’ Location Data on the Internet

 

 

If you think that your location data is safe then you are mistaken because there is a new series of ransomware that can post your location data on the internet. The most advanced of them all is the “CryLocker.”

 

Until now we believed that ransomware was supposed to lock or send away the data from an infected computer to the attackers directly or to the command & control servers (C&C) from where it was controlled. But this new breed of ransomware is equipped with diverse capabilities.

 

Ransom note that victim sees once their files are locked

 

What this ransomware do is retrieve your location data from Google Maps and then post the retrieved image on Imgur, a photo sharing community. CryLocker utilizes Portable Network Graphic (PNG) image files to access the victim’s credentials. If the image does not get uploaded on Imgur, the ransomware CryLocker tries to upload it on other websites like paste.org. In case, both these websites fail to upload the location data image, the ransomware relays the information directly to the same IP address 4096 through using UDP port 4444.

 

According to security experts at Malware Hunter Team, the creators of this new ransomware aim to hide their own location and identities with this kind of malware. Moreover, researchers believe that hackers are using UDP protocol to conceal their C&C servers more profoundly.

 

The ransomware also tries to retrieve data such as Wi-Fi point of the target, system’s language and keyboard layout. CryLocker is programmed in a way that it doesn’t activate itself if it identifies the system language to be Russian or from another country that is part of the Commonwealth of Independent States.

 

What would you do if your system became infected with ransomware or someone has hacked your site and demanding ransom? The FBI tell victims to pay the ransom, however, this is not the solution as it only encourages cyber criminals to boost their activities. But keeping a backup will help you big time. Also, Kaspersky and Intel assisted by Europol and Dutch Police recently launched an anti-ransomware website ‘No More Ransom’ in order to assist Internet users against ransomware by recovering their files at no cost to stop them from payment ransom to criminals.

 

To read more technical details on CryLocker ransomware we highly recommend going through in-depth research work from Malware Hunter Team.

 

Source

[knowledge-Spammer]

not nice this one

[lurch234]

Quote

 This Ransomware Exposes Users’ Location Data on the Internet

 

Lol! So what!? Who knows what's all tracking me already. That wouldn't make me want to pay them more! My OS and other files are backed up on a USB 3 external drive and all my movies, music and games on another.

Even if I would get caught by Ransomware it just be an annoyance at worst. They wouldn't get a penny from me.

[straycat19]

2 minutes ago, lurch234 said:

 

Lol! So what!? Who knows what's all tracking me already. That wouldn't make me want to pay them more! My OS and other files are backed up on a USB 3 external drive and all my movies, music and games on another.

Even if I would get caught by Ransomware it just be an annoyance at worst. They wouldn't get a penny from me.

 

That's fine as long as you remember to disconnect it after backing up.  Same with NAS units, if you leave them logged on all the time then they can be encrypted too.  Some people are lazy and don't like to log on and off whenever they want to access them so they really have no backup, it's just another system drive.  Every night I do a full image backup of all my personal computers, both desktops and laptops, that have been used that day, and keep the last 12 backups in archives.  Just in case.

[lurch234]

3 minutes ago, straycat19 said:

That's fine as long as you remember to disconnect it after backing up.

 

of course