This Ransomware Exposes Users’ Location Data on the Internet

If you think that your location data is safe then you are mistaken because there is a new series of ransomware that can post your location data on the internet. The most advanced of them all is the “CryLocker.”

Until now we believed that ransomware was supposed to lock or send away the data from an infected computer to the attackers directly or to the command & control servers (C&C) from where it was controlled. But this new breed of ransomware is equipped with diverse capabilities.

Ransom note that victim sees once their files are locked

Related : How to secure your cyber infrastructure from threats like ransomware?

What this ransomware do is retrieve your location data from Google Maps and then post the retrieved image on Imgur, a photo sharing community. CryLocker utilizes Portable Network Graphic (PNG) image files to access the victim’s credentials. If the image does not get uploaded on Imgur, the ransomware CryLocker tries to upload it on other websites like In case, both these websites fail to upload the location data image, the ransomware relays the information directly to the same IP address 4096 through using UDP port 4444.

According to security experts at Malware Hunter Team, the creators of this new ransomware aim to hide their own location and identities with this kind of malware. Moreover, researchers believe that hackers are using UDP protocol to conceal their C&C servers more profoundly.

The ransomware also tries to retrieve data such as Wi-Fi point of the target, system’s language and keyboard layout. CryLocker is programmed in a way that it doesn’t activate itself if it identifies the system language to be Russian or from another country that is part of the Commonwealth of Independent States.

What would you do if your system became infected with ransomware or someone has hacked your site and demanding ransom? The FBI tell victims to pay the ransom, however, this is not the solution as it only encourages cyber criminals to boost their activities. But keeping a backup will help you big time. Also, Kaspersky and Intel assisted by Europol and Dutch Police recently launched an anti-ransomware website ‘No More Ransom in order to assist Internet users against ransomware by recovering their files at no cost to stop them from payment ransom to criminals.

Also Read: 7 Cases When Victims Paid Ransom to stop cyber attacks

To read more technical details on CryLocker ransomware we highly recommend going through in-depth research work from Malware Hunter Team.

Related Posts