A third strain of criminal ransomware has emerged.–PC Pitstop
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
Welcome to the new world of malware.
There is a third criminal ransomware gang ramping up their attacks. The malware is called CryptorBit, (also known as HowDecrypt), and follows a very similar attack process as CryptoLocker and CryptoDefense, but the malware corrupts the first 512 or 1024 bytes of any data file it finds, regardless of extension. It also seems to be able to bypass Group Policy settings that were put in place to defend against this type of ransomware infection.
Infections with this recent CryptorBit strain are on the rise, and once a user’s files are encrypted, up to $500 ransom in bitcoin is demanded to decrypt the files. It was initially released December 2013, and after debugging their criminal infrastructure, attacks are now increasing.
To add insult to injury, the cybercrims are also installing so-called cryptocoin miner software which utilizes the victim’s computer to mine digital coins such as Bitcoin, which will get deposited in the malware developer’s digital wallet, making them even more money. The cyber gang uses social engineering to get the end-user to install the ransomware using a fake Flash update, or install a rogue antivirus product.
This excerpt appears with permission from knowbe4.com.