Ransomcrypt: CryptoLocker

A new Ransomlock Trojan has emerged from the depths. This threat, known as “CryptoLocker” (Trojan.Ransomcrypt), has been growing. This nasty bug encrypts data files such as images and Microsoft Office files, then demands payment in bitcoins or cash to decrypt them, all within a designated amount of time. Yes, it’s like a superhero/supervillain plot, only in your computer, and it doesn’t involve 100 billion dollars… only about $300 or 2 bitcoins (give or take). Most of the known cases have been found in North America.

The initial attack usually comes from an email containing a malicious Trojan.Zbot attachment that downloads and then installs the virus. The virus employs a domain generation algorithm to find an active C&C server. So far, Symantec is the only antivirus company that has the remedy within its software; however, other programs are coming on board.
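A host running a domain generation algorithm tends to stand out in DNS resolver logs: it looks up many random-looking names in a short time, and most of them fail before one resolves. The Python below is an added example of that detection idea, not code from this post or from any vendor; the log format, thresholds, IP addresses and domain names are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one query per line: "epoch client qname rcode".
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com NOERROR
1003 10.0.0.5 wwww.example.com NXDOMAIN
1004 10.0.0.5 intranet-fileserver.corp.test NXDOMAIN
1010 10.0.0.9 qxkvjhtrwplmzd.example NXDOMAIN
1011 10.0.0.9 bnyfgcoqsleuaw.example NXDOMAIN
1012 10.0.0.9 tdmkzpwhrvxjbc.example NXDOMAIN
1013 10.0.0.9 hgwqyrnlfkspdu.example NXDOMAIN
1014 10.0.0.9 vjxzcmbtkqwlpn.example NXDOMAIN
1015 10.0.0.9 lrypdkwmxqhvbt.example NOERROR
"""

def entropy(label):
    """Shannon entropy of a label in bits per character."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def looks_generated(qname, min_len=10, min_entropy=3.5):
    """Score the longest label: long and high-entropy suggests a generated name."""
    label = max(qname.rstrip(".").split("."), key=len)
    return len(label) >= min_len and entropy(label) >= min_entropy

def flag_clients(log_text, window=60, min_names=4):
    """Return {client: names} for clients with a burst of failed generated lookups."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, qname, rcode = parts
        if rcode == "NXDOMAIN" and looks_generated(qname.lower()):
            hits[client].append((int(ts), qname.lower()))
    flagged = {}
    for client, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct suspicious names seen within `window` seconds of this one.
            names = {n for t, n in events[i:] if t - start <= window}
            if len(names) >= min_names:
                flagged[client] = sorted(names)
                break
    return flagged

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
```

Requiring several distinct failed names inside the window keeps a single typo or a stale internal hostname, like the two from 10.0.0.5, from raising an alert.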

Users should never pay the ransom to have their files decrypted. If you receive this virus, don’t try to remove it unless you are a skilled IT professional. Decrypting the files is rather difficult, and most of the time the files are forfeit, so make sure you back up regularly. Programs like Hitman Pro, Malwarebytes, etc. will remove the virus but will not hand over the authentication key needed to decrypt the files on the computer. Most of the time, one must hope that shadow copies can be examined to find the files on the hard drive.
