Microsoft Draws Attention to Spike in Crowti Ransomware

Threatpost.com reported on 29th October, 2014 stating that researchers of Microsoft have identified a rise in Crowti which is identical to CryptoLocker which encrypts files on victim's systems and then demands payment to unbolt them.

The malware was in existence for many months but its biggest surge till now was noticed in mid-October by Malware Protection Center (MMPC) of Microsoft. The campaign tainted 4000 different machines during its peak with 71% of systems confined to United States followed by France, Canada, UK and Australia all with less than 6% percent each.

According to Microsoft, Crowti like CryptoWall asks for payment in Bitcoin which requires to be made over a Tor encrypted hidden website. In June, Crowti was asking around $US1000 in Bitcoin before its operators were ready to give the decryption key.

Crowti, like other ransomware, is being distributed through spam campaigns with email attachments contained in .ZIP files posing as faxes or invoices designed to trick victims to install the malware.

Researchers have also observed that Crowti propagating through well-known exploit kits such as RIG, Nuclear and RedKitV2 abuse outdated and old versions of Oracle Java and Adobe Flash.

The majority of the exploits being employed to distribute Crowti have been patched since long. Adobe rectified CVE-2014-0556 just in September 2014 and 2014-0515 in April while Oracle released an update to address the Java problem CVE-2012-0507 way back in February 2012 but that hasn't stopped cybercriminals from abusing depreciated apps running on those machines.

Blogs.technet.com published news on 28th October, 2014 quoting a recommendation of Microsoft as "There are many security precautions which can prevent these attacks in consumer machines and enterprise machines. You should always be careful about suspicious emails and store a backup of your files along with keeping your security products and other applications updated. Attackers are taking advantage of unpatched vulnerabilities in software to compromise your machine. Crowti uses most of the exploits which target vulnerabilities found in browser plug-in applications like Flash and Java. Habit of regular updating your software can reduce the risk of infection."

» SPAMfighter News - 11/7/2014