Test subject – CryBrazil ransomware
Another HiddenTear-based ransomware, called CryBrazil, was released recently. The open-source platform, initially created for educational purposes only, was quickly adopted by malware developers, who continue to develop and release new variants. Some of them are decryptable, but most are not, making HiddenTear infections quite dangerous.
CryBrazil ransomware test facts
CryBrazil probably targets the Iberian Peninsula, as its ransom note is written in Portuguese. Like any other classic HiddenTear variant, once executed, the malware immediately starts encrypting user files, which can be recognized by their new extension, “.crybrazil”. Decrypting them requires a unique key, which is usually acquired after the ransom is paid. Once the encryption is done, the desktop background is replaced with the Portuguese ransom note. CryBrazil also drops an HTML file. Opening it leads to a deceptive website with many redirects, probably meant to distribute other malware.
The cost of recovery is unknown and is probably negotiated, as the ransom note provides only contact information. Since its C2 servers are already down, it is useless to even consider paying.
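The “.crybrazil” extension described above can be used as a simple detection signal over file-system telemetry. The following is an added example, not code from the original article and not a description of how TEMASOFT Ranstop works: it flags any process that produces a burst of files with that extension inside a sliding time window. The event tuple format, the window length, the threshold and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

EXT = ".crybrazil"   # extension named in the article
WINDOW_S = 10.0      # assumption: sliding window length in seconds
THRESHOLD = 5        # assumption: matching files per window that raises an alert

# Constructed sample events: (timestamp_s, pid, operation, resulting_path)
SAMPLE_EVENTS = [
    (0.0, 410, "rename", r"C:\Users\a\notes.txt"),
    (1.0, 977, "rename", r"C:\Users\a\doc1.docx.crybrazil"),
    (1.5, 977, "rename", r"C:\Users\a\photo.jpg.crybrazil"),
    (2.0, 977, "rename", r"C:\Users\a\sheet.xlsx.crybrazil"),
    (2.2, 500, "rename", r"C:\Lab\sample.bin.crybrazil"),
    (3.0, 977, "create", r"C:\Users\a\db.sql.CRYBRAZIL"),
    (4.0, 977, "rename", r"C:\Users\a\cv.pdf.crybrazil"),
    (60.0, 500, "rename", r"C:\Lab\other.bin.crybrazil"),
]


def detect_bursts(events, ext=EXT, window_s=WINDOW_S, threshold=THRESHOLD):
    """Return {pid: timestamp of first alert} for every process that creates
    or renames at least `threshold` files ending in `ext` within `window_s`."""
    recent = defaultdict(deque)  # pid -> timestamps of matching events in window
    alerts = {}
    for ts, pid, op, path in sorted(events):
        # Only file creations/renames that end in the marker extension count.
        if op not in ("rename", "create") or not path.lower().endswith(ext):
            continue
        window = recent[pid]
        window.append(ts)
        # Drop events that have aged out of the sliding window.
        while ts - window[0] > window_s:
            window.popleft()
        if len(window) >= threshold and pid not in alerts:
            alerts[pid] = ts
    return alerts


if __name__ == "__main__":
    for pid, ts in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid} first burst at t={ts}s")
```

Counting per process inside a window keeps a single isolated “.crybrazil” file (pid 500 in the sample) from raising an alert, while the rapid sequence from pid 977 does.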
CryBrazil ransomware test results
TEMASOFT Ranstop detects CryBrazil ransomware easily once it starts processing files. Upon detection, the user is alerted, and the ransomware process is killed and quarantined. The affected files are automatically restored so that the user doesn’t lose her important documents.
About TEMASOFT Ranstop
TEMASOFT Ranstop is anti-ransomware software that detects present and future ransomware with a high degree of accuracy, based on file access pattern analysis. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.