Imitation Ransomware Discovered

Monday, December 16, 2013 @ 04:12 PM gHale

A copycat is targeting users in the U.S., Europe and Russia, but it looks as though this imitation of the Cryptolocker ransomware is less effective, researchers said.

The cryptographic toolkit used to encrypt the victims’ files has flaws that researchers can take advantage of to create a mitigation that decrypts them, said researchers from security company IntelCrawler.


IntelCrawler Chief Executive Andrey Komarov said they have already managed to develop these mitigation keys, and they can decrypt any infected client.

The copied ransomware currently has an extremely low detection rate. Users end up infected via drive-by downloads and by receiving and opening executables disguised as mp3 files.

Once the malware is on the target computer, it proceeds to encrypt files one by one, leaving the encrypted versions behind and deleting the non-encrypted ones.

It also places a text file in each directory on the computer, containing instructions on what to do (pay up $150 to receive the key) and how to contact the criminals (via throwaway phone numbers and emails).

After paying, the victims contact the criminals and give them their computer’s hostname and the identifying code written in the text file.
