In the category of ransomware, one nasty piece of malware, CryptoLocker, sits at the top: it has threatened people around the world and effectively destroyed victims' important files.
CryptoLocker, which strongly encrypts victims' hard drives until a ransom is paid, is now back in action to haunt your digital life, this time with an additional feature.
Until now, CryptoLocker has been spread via spam email, with victims tempted to download an attachment or click on a link to a malicious website, but now it can spread itself as a worm through removable USB drives.
Security researchers at Trend Micro have recently reported a new variant of CryptoLocker that is capable of spreading through removable USB drives.
CryptoLocker is malware that locks your files and demands a ransom to release them. The files are encrypted, so removing the malware from the system does not unlock them; the only way to get your files decrypted is to pay the ransom amount the criminals demand.
This new version of CryptoLocker is detected as WORM_CRILOCK.A, and it infects computers by posing as a key generator or activator for paid software such as Adobe Photoshop or Microsoft Office on torrent websites.
If CryptoLocker has already encrypted your files, it will display a message demanding payment. Once installed on a system, it can replicate itself onto a USB drive and spread further; if the infected system is connected to a network, the CryptoLocker worm can also look for other connected drives and infect them as well.
Other malware has employed similar tactics in the past, but CryptoLocker's encryption is much stronger and currently cannot be cracked. The new CryptoLocker does not use a DGA (domain generation algorithm), however, but instead relies on hardcoded command-and-control server details.
“Further analysis of WORM_CRILOCK reveals that it has a stark difference compared to previous variants. The malware has foregone domain generation algorithm (DGA). Instead, its command-and-control (C&C) servers are hardcoded into the malware. Hardcoding the URLs makes it easier to detect and block the related malicious URLs. DGA, on the other hand, may allow cybercriminals to evade detection as it uses a large number of potential domains. This could mean that the malware is still in the process of being refined and improved upon. Thus, we can expect later variants to have the DGA capability.”
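The difference Trend Micro describes is easy to see from the defender's side. A hardcoded C&C hostname can be matched exactly against a blocklist; a DGA-generated one cannot, so detection has to fall back on heuristics such as the randomness of the domain label. The following Python script is an added example, not code from the article or from Trend Micro: it triages a few constructed DNS query log lines (the log format, the hosts, and the domains are all made up, and `c2-placeholder.invalid` stands in for whatever hostname an analyst would extract from a real sample) and labels each query as a blocklist hit, DGA-like, or clean.

```python
from __future__ import annotations

import math
import re
from collections import Counter

# Constructed placeholder, not a real indicator: a hardcoded C&C hostname as a
# defender would list it after pulling it out of a sample. Exact match suffices.
STATIC_BLOCKLIST = {"c2-placeholder.invalid"}

# Constructed DNS query log lines in a made-up "host=... query=..." format.
LOG_LINES = """\
2014-01-03T10:15:01Z host=ws-17 query=www.microsoft.com
2014-01-03T10:15:07Z host=ws-17 query=c2-placeholder.invalid
2014-01-03T10:16:22Z host=ws-42 query=xkqzvwtplmfrjd.com
2014-01-03T10:16:40Z host=ws-42 query=stackoverflow.com
2014-01-03T10:17:03Z host=ws-09 query=update7a3b9c1e.net
"""

LINE_RE = re.compile(r"host=(?P<host>\S+)\s+query=(?P<domain>\S+)")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking labels score high."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_label(domain: str) -> str:
    """Second-level label, e.g. 'example' for 'www.example.com'.
    Naive (no public suffix list), which is enough for this illustration."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_dga(domain: str) -> bool:
    """Heuristic for algorithmically generated labels: long, high-entropy,
    and either nearly vowel-free or digit-heavy. Thresholds are assumptions
    chosen for this example, not published detection rules."""
    label = registered_label(domain)
    if len(label) < 10:
        return False
    entropy = shannon_entropy(label)
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    digits = sum(ch.isdigit() for ch in label)
    return entropy > 3.3 and (vowel_ratio < 0.25 or digits >= 3)


def classify(domain: str) -> str:
    """'blocklist' for an exact hardcoded-C&C match, 'dga-like' for a domain
    that only a heuristic can flag, otherwise 'clean'."""
    d = domain.lower().rstrip(".")
    if d in STATIC_BLOCKLIST:
        return "blocklist"
    if looks_dga(d):
        return "dga-like"
    return "clean"


def triage(log_text: str) -> list[tuple[str, str, str]]:
    """Return (host, domain, verdict) for every parseable log line."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not match the constructed format
        results.append((m["host"], m["domain"], classify(m["domain"])))
    return results


if __name__ == "__main__":
    for host, domain, verdict in triage(LOG_LINES):
        print(f"{host:6} {verdict:9} {domain}")
```

The blocklist branch is the whole story for WORM_CRILOCK as described: one exact hostname match, trivially added to a DNS or proxy block rule. The `looks_dga` branch shows why a DGA would make life harder; it is a coarse heuristic that will misfire on some legitimate long labels, which is exactly why defenders prefer the hardcoded case when they get it.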
Recommendations for users to defend against such threats:
Users should avoid using P2P (i.e. torrent) sites to get pirated copies of software and stick with official or reputable sites. Users should also be extremely careful about plugging USB drives into their computers. If you find one lying around, don't plug it in to see what may be on it.