ClicoCrypter is a ransomware strain that encrypts victim files and demands a ransom payment for decryption. It was first observed in the wild on July 1, 2017, and has been actively targeting systems worldwide.
Quick Facts
Ransomware Family: ClicoCrypter
First Seen: July 1, 2017
How ClicoCrypter Ransomware Works
Targeted Files
Ransom note path: c:\ClicoCrypter\; c:\krecik\ (set in WinRAR SFX exe)
Written in Java
File Encryption Patterns
ClicoCrypter modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..enc
Ransom Note and Payment Demands
After encrypting files, ClicoCrypter displays ransom notes demanding payment for file recovery:
file: READMYFIRST.info (ransom message: notes/READMYFIRST.info)
message (ransom message: notes/note.txt)
Note locations: OnceOnCompletion
Technical Indicators
Associated Executable Files
The following executable files are associated with ClicoCrypter ransomware:
Ksiegowosc2017.pdf.exe
bypassed.exe
Clicocryptor.jar
ksiegowosc.exe
Instrukcja_2222.exe
This ClicoCrypter ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like ClicoCrypter.