Security Researchers Identify ‘OphionLocker’ a Fresh Strain of Ransomware

According to security researchers, one fresh sample of crypto-ransomware is spreading online that has been named OphionLocker and which works with the aid of next-generation encryption for freezing the user's data-files first, followed with extracting Bitcoin towards ransom payment for obtaining the decryption key, reported tomsguide.com dated December 16, 2014.

Malevolent Web ads or 'malvertising' is the tool used for spreading the campaign as they infect the victim's computer on clicking the ads alternatively simply allow them to get planted on the victim's browser.

Moreover, OphionLocker utilizes the anonymous Tor protocol for masking its dispatch and receipt of messages from the command-and-control (C&C) infrastructures.

The ransomware is a foremost encrypting malware that utilizes almost uninterrupted elliptic-curve cryptography for locking videos, photos, documents as also other files that the contaminated PC has. The keys essential for unlocking those files carries the ransom price demanded of the victim.

When contaminated, the victimized PC-operator finds a pop-up window that tells about the frozen files after which the anonymous server Tor2web is used accessible through the anonymous protocol Tor, for outlining the instructions related to the way the payment must be made for acquiring the decoding keys. Reportedly, 1BTC ($352) is the price the extortionists demand; however, the ransom sum differs from country-to-country, with victims in USA required to pay the maximum amount.

The medium for contamination is solely compromised websites wherein attack toolkits are used for invading un-patched PCs.

Till now, OphionLocker hasn't deleted victims' PC-files for good. Thus, it's possible for regaining the locked files with the help of a file regaining software, the researchers emphasize.

Overall, it's important for a user's computer to have high-quality anti-virus software enabled for safeguarding from malware threats like OphionLocker.

Interestingly, even after shutdown of the CryptoLocker, malicious campaigns spreading ransomware continue to be a too scary threat. More advanced encoding campaigns are being developed for aiding cyber-criminals' fraud. So with OphionLocker, because it utilizes the elliptic-curve cryptography and Tor protocols, it has acquired a top-level status among such scams, although there have been other ransomware programs before it such as the CTB-Locker, a pioneer in utilizing both protocols.

» SPAMfighter News - 12/30/2014