Worse Than CryptoLocker


The competition to copy CryptoLocker is heating up and the latest variation is even more technically sophisticated. – PC Pitstop

By Stu Sjouwerman, for KnowBe4.com Security Awareness Training

As we said before, there is furious competition between cybergangs. In late February 2014, a CryptoLocker copycat called CryptoDefense was released, and it outdoes the original.

The gang test-marketed it first in other countries, including the UK, Canada and Australia. They are now targeting the U.S., as the infection heat map generated by Symantec shows. They are making tens of thousands of dollars per month with this technically sophisticated scam.

If an end-user opens the infected attachment, the CryptoDefense ransomware encrypts its target files, and the criminals charge approximately US$500 in Bitcoin to decrypt them. If the four-day deadline passes, the amount rises to about US$1,000. Note that Bitcoin exchange rates vary, so these numbers are ballpark figures, and that CryptoDefense is much more expensive to unlock than CryptoLocker.

The ransomware targets text, picture, video, PDF and MS Office files, and CryptoDefense encrypts these using RSA-2048, which cannot practically be broken without the private key. To add insult to injury, it wipes out all Shadow Volume Copies. Instructions with the ransom demands are added to every folder containing encrypted files. This stinks.

When the hapless end-user clicks the attachment, CryptoDefense connects to four remote domains and sends basic information about the infected workstation. Then the files on the end-user's machine are encrypted, and the private key is sent back to the Command & Control (C&C) server.

Finally, the malware takes a screenshot of the active desktop on the end-user's workstation and uploads it to the C&C server. That screenshot appears on the payment page where the victim submits the Bitcoin payment. To reach this page, the victim first has to install the Tor Browser, because the payment page is available only over the Tor network, which helps the criminals hide from law enforcement to some degree.
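As an added example (not code from the KnowBe4 article), here is a small Python triage script that looks for the on-disk footprint just described: target-type files whose contents look encrypted, plus the same small note file dropped into every such folder. The file-type list, the entropy cut-off, the note-file heuristic and the constructed sample tree are my assumptions, not values taken from the article.

```python
import math
import os
import tempfile
from collections import Counter

TARGET_EXT = {".txt", ".jpg", ".png", ".mp4", ".pdf", ".doc", ".docx", ".xls", ".xlsx"}
ENTROPY_THRESHOLD = 7.5  # bits/byte; ciphertext sits near 8.0 (assumed cut-off)
NOTE_EXT = {".txt", ".html"}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for an empty sample)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_tree(root: str, min_note_folders: int = 3):
    """Return (note_names, hot_folders): folders holding target-type files that
    look encrypted, and small text files recurring under one name in at least
    min_note_folders of them (the note-in-every-folder pattern). Compressed
    media is high-entropy by nature, so the recurring note is the stronger signal."""
    note_hits, hot_folders = Counter(), []
    for dirpath, _, files in os.walk(root):
        encrypted, small_text = 0, []
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            with open(os.path.join(dirpath, name), "rb") as fh:
                data = fh.read(64 * 1024)  # a prefix is enough for entropy
            if ext in TARGET_EXT and shannon_entropy(data) > ENTROPY_THRESHOLD:
                encrypted += 1
            elif ext in NOTE_EXT and len(data) < 4096:
                small_text.append(name)
        if encrypted:
            hot_folders.append(dirpath)
            note_hits.update(small_text)
    return {n for n, k in note_hits.items() if k >= min_note_folders}, hot_folders

def build_sample_tree() -> str:
    """Constructed demo data: three hit folders and one clean folder."""
    root = tempfile.mkdtemp()
    for i in range(3):
        d = os.path.join(root, f"hit{i}")
        os.makedirs(d)
        with open(os.path.join(d, "report.docx"), "wb") as fh:
            fh.write(os.urandom(4096))  # stands in for an encrypted document
        with open(os.path.join(d, "HOW_DECRYPT.TXT"), "w") as fh:
            fh.write("Your files were encrypted. Pay to get the key.\n")  # constructed
    os.makedirs(os.path.join(root, "clean"))
    with open(os.path.join(root, "clean", "notes.txt"), "w") as fh:
        fh.write("Meeting notes: review backups and test a restore.\n")
    return root
```

Running `scan_tree(build_sample_tree())` flags the three `hit*` folders and the recurring `HOW_DECRYPT.TXT` name while leaving the clean folder alone; on a real share, point `scan_tree` at the root and treat a recurring note name as the trigger for isolating the host and restoring from offline backups.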

This excerpt appears with permission from knowbe4.com.

Don’t Get Hit With Ransomware
http://info.knowbe4.com/dont-get-hit-with-ransomware

23 thoughts on “Worse Than CryptoLocker”

  1. Death is too good for the scum. I advocate surgical removal of the hands, to just above the wrist. They would have to start typing with their feet or use voice recognition software. If they get caught again, remove their feet and voice boxes.

  2. Where do I find the Shadow Volumes and do I have to go to Kinkos to make shadow volume copies? Does my local Bank have these Bitcoins, if not where do I go to get them?

  3. Why can't they trace the money and catch these criminals? I had 1 customer whose computer was infected with ransomware last month. SUPERAntiSpyware and Malwarebytes were required to correct it. Took 2 hrs.

  4. I DON’T NORMALLY LEAVE COMMENTS BUT I’VE BEEN NOTICING A TREND. DOES IT SEEM TO ANYBODY ELSE THAT IT SEEMS LIKE THESE OUTFITS THAT ARE WARNING PEOPLE ABOUT THESE “HYPER TERRIBLE RANSOMWARE TYPE PROGRAMS” ARE COMMITTING THEIR OWN FORM OF “SCAREWARE” TYPE OF TERRORISM??? BY REPORTING ON THIS TERRIBLE RANSOMWARE PROGRAM AND THEN SOLICITING THEIR OWN ANTI RANSOM/MALWARE PROGRAM?

  5. It is approaching the time that when these criminals are found they NOT be called "white collar criminals" and be executed on the spot, publicly – on TV for the world to see, once found. They are not only having fun creating havoc and making money … they are destroying people's lives and businesses and do not deserve to live any more than the lives and businesses they destroy. We need to treat them as what they are …. terrorists .. in every sense of the word. A few public executions just might make them realize that their days are numbered …. and please don't tell me that our criminal NSA can't find them.

  6. Make regular backups.

    I think with these hackers it should carry the death penalty, because they are destroying lives.

  7. I am eagerly looking forward to the day when the people who do this kind of thing are taken out and lined up against a wall and shot, and it is broadcast live on national TV.

    • @Edwin:
      And not “cleanly”. Give the shooters a big box of ammo and let them get creative. A toe here, a kneecap there, then a gonad. . .

  8. Be aware, take the time to ensure you are downloading only intended files and updates from legit sources. Back up personal files to a drive that stays disconnected otherwise, and system backups should be separate. Education won't stop it, but it will minimize it.
