contador web Skip to content

ransomware hijacks Brazilian PCs; know how to protect yourself

Cry Brazil: ransomware hijacks Brazilian PCs;  know how to protect yourself

Cry Brazil is a type of ransomware that has attracted the attention of digital security researchers. Discovered this month by MalwareHunterTeam, the virus is spreading over the Internet and targets mainly Brazilian users. When installed, the malware encrypts and «hijacks» computer files and changes the Windows wallpaper with a message in Portuguese asking for ransom to release the documents.

The malicious software was developed based on Hidden Tear, an open source project used to teach how to create a ransmoware in a basic way. Cry Brazil has the same proposal as WannaCry, a virus that hit several countries and caused chaos in public and private companies’ systems.

Understand why hackers ask for bitcoin ransom

1 of 2 Wallpaper is replaced by image with instructions for redemption – Photo: Reproduction / PC Risk

Wallpaper is replaced by image with instructions for redemption – Photo: Reproduction / PC Risk

Ransomware is malware that hijacks the victim’s computer and charges a cash value for ransom, usually in digital currencies, such as Bitcoin. This type of malicious software acts by encrypting the operating system files so that the user is no longer able to open these documents.

The most famous case to date is WannaCry. Ransonware spread in 2017 causing panic for rendering millions of computers unusable around the world.

How does Cry Brazil spread?

Cry Brazil brings the same proposal as WannaCry, however its construction is based on codes from a well-known development kit. Criminals try to lure victims through phishing attacks by sending a fake document via email. The file simulates a PDF, but has a hidden executable that installs the virus on the computer.

When trying to open the fake PDF and install the ransomware on the computer, the malicious software scans to identify the files on the machine. Then it uses encryption to prevent them from being opened – all documents, including photos, videos, music and texts, are blocked and have the extension .crybrazil.

In addition, malicious software can also change the Windows wallpaper. Unlike other types of ransomware, the image does not show any key for depositing digital coins. Only one contact email appears in the notice.

It also creates a «SUA_CHAVE.html» document. Upon clicking, the user is redirected to a fake page to download Adobe Flash Player.

2 of 2 Cry Brazil encrypts files – Photo: Reproduction / PC Risk

Cry Brazil encrypts files – Photo: Reproduction / PC Risk

By using already known codes, most antiviruses are able to detect Cry Brazil and prevent it from being installed on the computer. According to the Virus Total tool, among the software that identify Cry Brazil are AVG, Avast and Kaspersky. Here are some tips to protect yourself:

  • Keep your system and antivirus up to date.
  • Do not download unsolicited files by email.
  • Avoid clicking on unknown links.

If your computer has already been affected and your files have been encrypted by Cry Brazil, the recommendation is not to pay the ransom. A system restore can bring them back to normal.