Trojan Pushes out Ransomware

Tuesday, April 1, 2014 @ 09:04 PM gHale


Users hit with a Windows-based Trojan could end up with a ransomware virus that encrypts computer files and demands Bitcoin payment to decode the data.

The Windows Trojan, called “Fareit,” is an information stealer used to download other malware, like Zeus, said researchers at Trend Micro. Recently, however, analysts discovered Fareit was spreading ransomware called “Cribit.”

Rhena Inocencio, a threat response engineer at Trend Micro, said they had identified two variants of Cribit: one that encrypts files and uses an English message for ransom, and another delivering a “multilingual ransom note, with 10 languages included.”

Messages in English, French, Spanish, Chinese and Arabic are among the variations hitting users, Inocencio said.

The ransom note directs users to a website on the Deep Web, which is accessible only through Tor.

Trend Micro found 40 percent of Cribit victims were in the U.S. The variants, which demand $240 worth of Bitcoin, were detected as new iterations of malware called “BitCrypt.”

Christopher Budd, threat communications manager at Trend Micro, said researchers “cannot say for certain that paying the bad guys will result in decrypting the files.”

“After all, cyber criminals are after one goal: To get a person’s money,” Budd said. “Returning/decrypting a victim’s files won’t certainly be a priority or major concern for these people. Additionally, paying the ransom may encourage and help expand the operations of cyber criminals.”

To avoid infection or lessen the impact of ransomware threats, Trend Micro recommended that users avoid clicking embedded links in emails, which can contain malware, and regularly update software as an added security layer.


