iStock_000019354781XSmall

Cryptolocker – Nasty Ransomware Wrecking Havoc Worldwide

Jan 13, 2014 By Sharon Solomon

If you own a PC running Windows, you are vulnerable to Cryptolocker. This Trojan entered the spotlight in late 2013 and is not showing any signs of slowing down. It’s very important to understand and be aware of this fast-spreading ransomware, which has already earned its operators lots of money.

The dreaded Trojan initially spread only via emails. Users were sent malicious emails with downloadable files or misleading links. The exploited computer’s data files were then locked until a ransom was paid for the decryption.

The news keeps getting worse. Cryptolocker is now capable of contaminating computers with removable USB drives and pirate software activators. Windows users should refrain from using unknown USB drives and must install only official software.

The email technique is quite straightforward. The malicious executable file attached to the email is disguised as a .PDF file. But this is in fact an .EXE file making use of Windows default behavior of hiding the extensions from file names. The payload then self-installs in the exploited computer’s Documents and Settings folder.

Following a quick installation process, the contaminated key is added to the registry. The designated command and control servers are then contacted to generate a strongly encrypted (2048-bit RSA) public key. To make matters worse, these servers can also be of the proxy type, making tracing and investigating even harder.

The incoming public key then wreaks havoc in the compromised computer, encrypting MS Office and picture files, rendering them inaccessible. The victims eventually have to use the Cryptolocker software or visit the website to purchase the decryption key, which is the only way to bring the contaminated files “back to life”.

Cryptolocker is also capable of infecting computers via botnets and now even with commonly available USB drives. Unfortunately, there is no dedicated solution for the problem. All one can do is adopt the traditionally recommended actions like not opening emails from unknown senders and staying away from untrusted hardware storage devices.

The current amount demanded by Cryptolocker owners for the decryption key is around $300 USD. It’s highly recommended not to pay the ransom money. Traditional security measures like antivirus software and firewall solutions don’t eliminate the problem, but help detect Cryptolocker infiltrations. Backing up all personal data is also a good idea.

Cryptolocker is now shifting its focus from phishing emails to P2P platforms, where malware is disguised as activators for software. The aforementioned technique of spreading the Trojan with USB sticks is also expected to rise this year. The best way is to adopt a pro-active attitude to security and spread awareness about this risky malware.

Source 1 – All You Wanted To Know About Cryptolocker

Source 2 – All About Cryptolocker

The following two tabs change content below.

Sharon Solomon

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.