Cry Brazil: ransomware hijacks Brazilian PCs; know how to protect yourself | Security

Cry Brazil is a type of ransomware that has attracted the attention of digital security researchers. Discovered this month by MalwareHunterTeam, the virus is spreading over the Internet and mainly targets Brazilian users. Once installed, the malware encrypts and "hijacks" the computer's files and changes the Windows wallpaper to a message in Portuguese asking for a ransom to release the documents.

The malicious software is based on Hidden Tear, an open-source project used to teach the basics of how ransomware is created. Cry Brazil has the same purpose as WannaCry, a virus that reached several countries and caused chaos in the systems of public and private organizations.

Wallpaper replaced by an image with instructions for the ransom. Photo: Reproduction / PC Risk

Ransomware is malware that hijacks the victim's computer and demands a ransom payment, usually in digital currencies such as Bitcoin. This type of malicious software works by encrypting the files on the operating system so that the user can no longer open them.

The most famous case to date is WannaCry. That ransomware spread in 2017 and caused panic by rendering millions of computers around the world useless.

How does Cry Brazil spread?

Cry Brazil has the same purpose as WannaCry, but it is built on code from a well-known development kit. Criminals try to lure victims through phishing attacks, sending a fake document by email. The file poses as a PDF, but it carries a hidden executable that installs the virus on the computer.

When the victim tries to open the fake PDF, the ransomware is installed on the computer and scans the machine to identify its files. It then uses encryption to prevent them from being opened: all documents, including photos, videos, music and texts, are locked and gain the extension .crybrazil.

In addition, the malicious software can also change the Windows wallpaper. Unlike other types of ransomware, the image does not show any key for depositing digital coins. Only a contact email appears in the notice.

It also creates a document named "SUA_CHAVE.html". When the user clicks it, they are redirected to a fake page offering a download of Adobe Flash Player.
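
The traces described above can be checked for on a disk. The following Python triage script is an added example, not code from the original article or from the researchers: it looks for files ending in .crybrazil, for the SUA_CHAVE.html note, and for files with ".pdf" in their name that actually begin with the Windows executable signature "MZ". The sample directory tree and its file names are constructed, and the "MZ" check is an assumed way of spotting the disguised attachment.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".crybrazil"    # extension the article says locked files gain
RANSOM_NOTE = "sua_chave.html"  # note file named in the article (lower-cased)

def starts_with_mz(path):
    """True if the file begins with 'MZ', the Windows executable signature."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # unreadable files are skipped, not treated as hits

def triage(root):
    """Walk root and sort indicator hits into three lists of paths."""
    report = {"encrypted": [], "notes": [], "fake_pdfs": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = Path(dirpath) / name, name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
            elif lower == RANSOM_NOTE:
                report["notes"].append(path)
            # Assumption: the lure keeps ".pdf" in its name; a real PDF starts with %PDF.
            elif ".pdf" in lower and starts_with_mz(path):
                report["fake_pdfs"].append(path)
    return report

def demo():
    """Run triage over a constructed sample tree (file names are made up)."""
    sample = {
        "Documents/foto.jpg.crybrazil": b"\x8a\x11\x90",
        "Documents/relatorio.docx.crybrazil": b"\x03\xfe\x27",
        "Desktop/SUA_CHAVE.html": b"<html></html>",
        "Downloads/boleto.pdf.exe": b"MZ\x90\x00",
        "Downloads/manual.pdf": b"%PDF-1.4\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in sample.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        report = triage(tmp)
        return {kind: sorted(p.name for p in hits) for kind, hits in report.items()}

if __name__ == "__main__":
    print(demo())
```

To check a real profile, call `triage()` with the folder to inspect, for example a user's home directory.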

Cry Brazil encrypts files. Photo: Reproduction / PC Risk

Because it uses already known code, most antivirus products are already able to detect Cry Brazil and prevent it from being installed on the computer. According to the VirusTotal tool, the software that identifies Cry Brazil includes AVG, Avast and Kaspersky. Here are some tips to protect yourself:

  • Keep your system and antivirus up to date.
  • Do not download unsolicited files by email.
  • Avoid clicking on unknown links.

If your computer has already been affected and your files have been encrypted by Cry Brazil, the recommendation is not to pay the ransom. A system reset can bring them back to normal.