CryptoDefense Using Java Drive-By Attack to Increase Infection Rate

Security firm Bromium analyzed the version in March 2014 and confirmed that the gang behind the CryptoDefense ransom malware has been distributing it by using a simple Java drive-by attack to infect more victims.

CryptoDefense is less popular than rival CryptoLocker and although it is more than a small copycat program but it shows an evolution beyond the successful design of CryptoLocker.

Another unusual feature is that Criminals behind CryptoDefense extended the deadline of 48-hour to pay for an encryption key to several weeks in a ploy to increase the number of victims to pay.

When Symantec recognized the malware in March 2014 as email attachments but that seem to have been complemented with more dangerous drive-by downloads targeting Java.

Victims are being popped by a Java exploit which downloads and executes the malware in phases and is presented with a message that files on the hard drive have been encrypted and they must pay a ransom within deadline to have them decrypted otherwise ransom price goes up. The victim is threatened with permanent destruction of his files if the ransom demand is not met.

Threatpost.com published news on 18th May, 2014 quoting Vadim Kotov, Security Researcher of Bromium, as saying "CryptoLocker and CryptoDefense are competitors but there are similarities also between them regarding payment methods (Bitcoin), usage of public-key encryption and some of the same file extensions which are targeted by both."

Cbronline.com published news on 28th May, 2014 quoting Bromium as that the rate of new-flanged crypto malware attacks appears to be rising and becomes money-making business for cyber crooks.

Bromium anticipate ransomware to become more well-known with time as per the news of extensive ransomware among Apple users in Australia.

Affected victims by this ransomware are advised not to pay for unlocking their system and contact the support team of their system. Besides this Internauts are also advised to scan their computers with an updated version of the anti-virus solution installed on their systems in case they doubt that their systems have been infected by the well-known ransomware or by any other malware.

» SPAMfighter News - 6/6/2014