Ransomware Exposes Users Location Data on the Internet


If you think that your location data is safe then you are mistaken because there is a new series of ransomware that can post your location data on the internet. The most advanced of them all is the “CryLocker.”

Until now we believed that ransomware was supposed to lock or send away the data from an infected computer to the attackers directly or to the command & control servers (C&C) from where it was controlled.

But this new breed of ransomware is equipped with diverse capabilities.


Ransom note that victim sees once their files are locked

What this ransomware do is retrieve your location data from Google Maps and then post the retrieved image on Imgur, a photo sharing community.

CryLocker utilizes Portable Network Graphic image files or PNG files to access the victim’s credentials.

If the image does not get uploaded on Imgur, the ransomware CryLocker tries to upload it on other websites like paste.org.

In case, both these websites fail to upload the location data image, the ransomware relays the information directly to the same IP address 4096 through using UDP port 4444.

According to security experts at Malware Hunter Team, the creators of this new ransomware aim to hide their own location and identities with this kind of malware. Moreover, researchers believe that hackers are using UDP protocol to conceal their C&C servers more profoundly.

The ransomware also tries to retrieve data such as Wi-Fi point of the target, system’s language and keyboard layout.

CryLocker is programmed in a way that it doesn’t activate itself if it identifies the system language to be Russian or from another country that is part of the Commonwealth of Independent States.

What would you do if your system became infected with ransomware or someone has hacked your site and demanding ransom?

The FBI tell victims to pay the ransom, however, this is not the solution as it only encourages cyber criminals to boost their activities.

But keeping a backup will help you big time.

Also, Kaspersky and Intel assisted by Europol and Dutch Police recently launched an anti-ransomware website ‘No More Ransom in order to assist Internet users against ransomware by recovering their files at no cost to stop them from payment ransom to criminals.


What is ransomware?

Ransomware which is often called CryptoLocker, CryptoDefense or CryptoWall, is a family of malware that takes files on a PC or network storage, encrypts them, and then extorts money to unlock the files.

Ransomware is one of the most widespread and damaging threats that internet users face today.

Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and Exploit Kits, extorting money from home users and businesses alike.

The current wave of ransomware families can have their roots traced back to the early days of Fake AV, through Lockervariants, and finally to the file-encrypting variants that are prevalent today.

Each distinct category of malware shares a common goal – to extort money from victims through social engineering and outright intimidation.

The demands for money have grown more forceful with each iteration.

9 best security practices to apply now

Staying secure against ransomware isn’t just about having the latest security solutions. Good IT security practices, including regular training for employees are essential to reduce the risk of an attack.

The following are the best practices to apply now:

1. Backup regularly and keep a recent backup copy off-site

There are other risks besides ransomware that can cause files to vanish, such as fire, flood, theft, a dropped laptop, or even an accidental delete.

Always do a regular backup of your files and encrypt your backup.

This way you don’t have to worry about the backup device falling into the wrong hands.

2. Enable file extensions

The default Windows setting has file extensions disabled.

This means that you have to rely on the file thumbnail to identify it.

Enabling extensions makes it much easier to identify file types that are not commonly sent, such as JavaScript.

3. Open JavaScript (.js) files in Notepad

Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.

4. Don’t enable macros in document attachments received via email

Microsoft turned off auto-execution of macros by default many years ago as a security measure.

A lot of infections rely on persuading you to turn macros back on, so don’t do it!

5. Be cautious about unsolicited attachments

Crooks rely on the dilemma that you can’t tell if the file is the one you want until you open it.

If in doubt leave it out.

6. Don’t give yourself more login power than you need

Don’t stay logged in as an administrator any longer than necessary and avoid browsing, opening documents, or other regular work activities while you have administrator rights.

7. Consider installing the Microsoft Office viewers

These viewer applications let you see what documents look like without opening them in Word or Excel.

In particular, viewer software that doesn’t support macros, so that you can’t enable them by mistake!

8. Patch early, patch often

Malware that doesn’t come in via a document often relies on security bugs in popular applications, including Microsoft Office, your browser, Flash, and more. The sooner you patch, the fewer vulnerabilities there are to be exploited.

9. Stay up-to-date with new security features in your business applications

Office 2016 now includes a Block macros from running in Office files from the internet control, which helps protect against external malicious content without stopping you using macros internally.


Please enter your comment!
Please enter your name here

Questo sito usa Akismet per ridurre lo spam. Scopri come i tuoi dati vengono elaborati.