Symantec Detects CryptoDefense, a Ransomware Mimicking the Earlier CryptoLocker
Symantec has found a ransomware sample called CryptoDefense, which resembles the earlier, infamous CryptoLocker; the company's security researchers are now examining the new malware.
Like CryptoLocker, CryptoDefense encrypts the system's critical data files after compromising a PC and keeps them locked until the victim pays a ransom. The ransom demanded is $500, payable in bitcoins through a dedicated Tor-hosted website that keeps the cyber-criminals from being traced.
The payment must be made within four days, after which the demanded amount doubles. The crooks use an RSA 2048 encryption key to ensure that the encrypted files cannot be recovered unless the ransom is paid.
Symantec researchers have observed CryptoDefense being distributed through spam e-mails in which the malware poses as a PDF file.
Once run, the malware connects to four remote URLs and transmits basic information about the infected PC to them. It then encrypts the data files and sends the encryption key back to its command-and-control server. Finally, it takes a screenshot of the hijacked computer's display and uploads it to the same server.
The malware also places instructions for the victim, including the sum to be paid, in every directory that contains encrypted files.
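The chain in the two paragraphs above (several remote hosts contacted, one note file dropped into every affected directory, a screenshot uploaded) is what an endpoint detection would key on. The following Go program is an added example, not code from the article or from Symantec: it parses constructed telemetry lines and flags a process that shows all three traits together. The record format, process ids, hosts, file names and thresholds are assumptions made for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample endpoint telemetry (invented for this example, not a
// real capture): one record per line, "pid=<n> event=<type> [key=value]".
// Hosts are from RFC 5737 documentation ranges; the note file name is made up.
const sampleTelemetry = `
pid=4120 event=net_connect dst=203.0.113.10
pid=4120 event=net_connect dst=203.0.113.11
pid=4120 event=net_connect dst=198.51.100.7
pid=4120 event=net_connect dst=198.51.100.8
pid=4120 event=file_write path=C:\Users\bob\Documents\report.docx
pid=4120 event=file_write path=C:\Users\bob\Documents\DECRYPT_INSTRUCTIONS.txt
pid=4120 event=file_write path=C:\Users\bob\Pictures\DECRYPT_INSTRUCTIONS.txt
pid=4120 event=file_write path=C:\Users\bob\Desktop\DECRYPT_INSTRUCTIONS.txt
pid=4120 event=screenshot
pid=2210 event=net_connect dst=192.0.2.50
pid=2210 event=file_write path=C:\Users\bob\Documents\notes.txt
`

// procProfile accumulates, per process, what the heuristic looks at.
type procProfile struct {
	remoteHosts map[string]bool            // distinct hosts contacted
	dirsByName  map[string]map[string]bool // file basename -> directories it was written into
	screenshot  bool
}

// splitWinPath splits a Windows path on its last backslash (filepath.Base
// would not do that on a non-Windows analysis host).
func splitWinPath(p string) (dir, name string) {
	if i := strings.LastIndex(p, `\`); i >= 0 {
		return p[:i], p[i+1:]
	}
	return "", p
}

// parseTelemetry builds one profile per process id.
func parseTelemetry(log string) map[string]*procProfile {
	profiles := map[string]*procProfile{}
	for _, line := range strings.Split(log, "\n") {
		parts := strings.SplitN(strings.TrimSpace(line), " ", 3)
		if len(parts) < 2 || !strings.HasPrefix(parts[0], "pid=") {
			continue
		}
		pid, event := strings.TrimPrefix(parts[0], "pid="), strings.TrimPrefix(parts[1], "event=")
		value := "" // optional third field: a single key=value pair
		if len(parts) == 3 {
			value = parts[2][strings.IndexByte(parts[2], '=')+1:]
		}
		p := profiles[pid]
		if p == nil {
			p = &procProfile{remoteHosts: map[string]bool{}, dirsByName: map[string]map[string]bool{}}
			profiles[pid] = p
		}
		switch event {
		case "net_connect", "net_send":
			p.remoteHosts[value] = true
		case "file_write":
			dir, name := splitWinPath(value)
			if p.dirsByName[name] == nil {
				p.dirsByName[name] = map[string]bool{}
			}
			p.dirsByName[name][dir] = true
		case "screenshot":
			p.screenshot = true
		}
	}
	return profiles
}

// Thresholds are assumptions tuned to the constructed data, not Symantec's.
const minRemoteHosts, minNoteDirs = 2, 3

// looksLikeCryptoDefense flags a process that contacts several remote hosts,
// drops one file name into many directories (the ransom-note pattern) and
// captures the screen; the string explains the verdict to an analyst.
func looksLikeCryptoDefense(p *procProfile) (bool, string) {
	noteName, noteDirs := "", 0
	for name, dirs := range p.dirsByName {
		if len(dirs) > noteDirs {
			noteName, noteDirs = name, len(dirs)
		}
	}
	ok := len(p.remoteHosts) >= minRemoteHosts && noteDirs >= minNoteDirs && p.screenshot
	return ok, fmt.Sprintf("hosts=%d note=%q dirs=%d screenshot=%v",
		len(p.remoteHosts), noteName, noteDirs, p.screenshot)
}

// SuspiciousProcesses returns the sorted pids that match the heuristic.
func SuspiciousProcesses(log string) []string {
	var pids []string
	for pid, p := range parseTelemetry(log) {
		if ok, _ := looksLikeCryptoDefense(p); ok {
			pids = append(pids, pid)
		}
	}
	sort.Strings(pids)
	return pids
}
```

The heuristic deliberately requires the traits together: mass file writes alone also describe backups and installers, and one outbound connection is far too common to act on. On real telemetry the thresholds would be tuned per environment, and the verdict string gives the analyst the counts behind each hit.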
Fortunately, there is a way for victims to recover the locked files even without paying the ransom: in implementing the RSA 2048 encryption, the malware's developers overlooked removing the decryption key from the infected machine.
Symantec explains that this poor implementation of the cryptographic utility by the malware's perpetrators gives the hostages a way to free themselves. Pcpro.co.uk reported this on April 1, 2014.
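To show what overlooking the removal of the decryption key means in practice, here is an added Go example (not Symantec's analysis and not the malware's code): a key container that persists the private half of a generated RSA 2048 key pair, a caller that uses only the public half and either deletes the container entry or forgets to, and the recovery check a responder would run afterwards. The container layout, the key name and the sample data are constructed for the example; the container is a stand-in for the behaviour the article describes, not a model of any particular Windows API.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// keyContainer models a per-user key store that writes the private half of
// every generated key pair to disk and keeps it until the owner deletes it.
// It is a stand-in for the behaviour the article describes, not a model of
// any specific operating-system API.
type keyContainer struct{ dir string }

func (kc keyContainer) file(name string) string { return filepath.Join(kc.dir, name+".pem") }

// GenerateRSA creates a 2048-bit key pair, persists the private key in the
// container and hands back only the public half.
func (kc keyContainer) GenerateRSA(name string) (*rsa.PublicKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	block := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}
	if err := os.WriteFile(kc.file(name), pem.EncodeToMemory(block), 0o600); err != nil {
		return nil, err
	}
	return &priv.PublicKey, nil
}

// LoadPrivate is the recovery step: read back whatever the container kept.
// It returns an os.ErrNotExist-wrapping error when nothing is left.
func (kc keyContainer) LoadPrivate(name string) (*rsa.PrivateKey, error) {
	data, err := os.ReadFile(kc.file(name))
	if err != nil {
		return nil, err
	}
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, errors.New("container entry is not PEM")
	}
	return x509.ParsePKCS1PrivateKey(block.Bytes)
}

// Delete is the clean-up the article says the malware authors overlooked.
func (kc keyContainer) Delete(name string) error { return os.Remove(kc.file(name)) }

// RecoveryScenario runs both halves of the story in a temporary container.
// Stage 1 (the encryptor, reduced to one call): generate a key pair in the
// victim's container, encrypt a constructed sample with the public key, then
// either delete the container entry or forget to.
// Stage 2 (the victim): look for leftover private-key material and use it.
// It reports whether the sample could be recovered.
func RecoveryScenario(attackerDeletesKey bool) (bool, error) {
	dir, err := os.MkdirTemp("", "keycontainer")
	if err != nil {
		return false, err
	}
	defer os.RemoveAll(dir)
	kc := keyContainer{dir: dir}

	pub, err := kc.GenerateRSA("victim-key")
	if err != nil {
		return false, err
	}
	sample := []byte("constructed sample document contents") // stands in for a data file
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sample, nil)
	if err != nil {
		return false, err
	}
	if attackerDeletesKey {
		if err := kc.Delete("victim-key"); err != nil {
			return false, err
		}
	}

	priv, err := kc.LoadPrivate("victim-key")
	if errors.Is(err, os.ErrNotExist) {
		return false, nil // nothing persisted: no local recovery path
	}
	if err != nil {
		return false, err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil {
		return false, err
	}
	return bytes.Equal(pt, sample), nil
}

func main() {
	for _, deleted := range []bool{false, true} {
		ok, err := RecoveryScenario(deleted)
		fmt.Printf("key deleted=%v recovered=%v err=%v\n", deleted, ok, err)
	}
}
```

Running it prints one line per scenario: recovery succeeds when the key was left behind and fails when it was deleted. For a responder the practical lesson is to preserve the affected user's key stores before wiping or reimaging the machine, since a persisted key is only useful while it still exists.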
However, because retrieving the decryption key requires some technical knowledge, an average end-user may not manage to free himself from CryptoDefense. Meanwhile, despite this major drawback of CryptoDefense, Symantec notes that the malware's handlers took in an enormous $34,000 within just one month.
Symantec also stated that its researchers had already blocked 11,000 CryptoDefense infections across 100 or more countries. The USA had the most, while other affected countries included Canada, the UK, Holland, Italy, India, Japan and Australia.
» SPAMfighter News - 09-04-2014