Thursday, 22 January 2015

New CryptoLocker-type ransomware strikes in Europe

ESET researchers have spotted a new type of ransomware cyber-attack spreading in Europe and Latin America. It encrypts users’ files similarly to CryptoLocker, and requests a ransom in Bitcoins.

According to ESET research, the campaign is just starting out. For a detailed report on CTB-Locker, including screenshots, see ESET Ireland’s blog.

Early yesterday, the ESET Research Team in Latin America repeatedly tracked the activity of CTB-Locker, a filecoder detected by ESET’s telemetry as Win32/FileCoder.DA. The infection starts when the victim receives an e-mail with the subject “fax”, containing an attachment that resembles a facsimile. The embedded file is infected with Win32/TrojanDownloader.Elenoocka.A – a trojan downloader which tries to connect to the Internet to download other malware – in this case Win32/FileCoder.DA, also known as CTB-Locker. Once successfully opened on the victim’s device, CTB-Locker encrypts specific files on the device, locks the screen and displays a ransom message.

ESET researchers have also noticed a similarity between CTB-Locker and CryptoLocker: both follow a similar pattern of encrypting the victim’s files and differ only in the encryption algorithm used. As with CryptoLocker, the victim is requested to pay a ransom in Bitcoins, of approximately 8 Bitcoins (valued at around $1,680).

The best prevention is to follow the well-known security “mantra” – back up your files, update your software and protect your device. The impact CTB-Locker can have on a company or a user who does not have a backup solution can become a real headache. ESET received reports of companies paying thousands of dollars to recover their data.