To decrypt these files and make them accessible again to users, they are persuaded to purchase the private key for either US $300 or 300 Euro. This encryption will be discussed in the succeeding question.ĬryptoLocker changes the system's wallpaper with a notice that informs user that their important files are encrypted. The files it encrypts include important productivity documents and files such as. The extensions of the domains include:ĬryptoLocker then searches for files with certain file extensions to encrypt. Once executed, CryptoLocker connects to randomly generated domains to download the public key to be used in encryption. What happens once CryptoLocker is executed? This variant, which serves as the final payload, is detected as TROJ_CRILOCK.NS. The said file is a ZBOT variant detected as TSPY_ZBOT.VNA.Īlong with its malicious routines that include stealing online banking credentials, TSPY_ZBOT.VNA also downloads a CryptoLocker variant onto the infected system. Should users open the attachment, TROJ_UPATRE.VNA then downloads and executes cjkienn.exe. The threat starts as a spammed message with a malicious attachment (in this case, detected as TROJ_UPATRE.VNA).
How does Cryptolocker arrive into users' systems? Therefore, it is important to stop the CryptoLocker infection chain before it executes.
This is because once files are encrypted, almost all anti-malware tools are only able to remove the CryptoLocker variant from the system, leaving encrypted files unusable. Moreover, CryptoLocker infections put infected computers at an elevated risk of being rendered unusable. However, paying doesn’t guarantee access to the infected system. UK and Canada had their share of infections at 11% and 6%, respectively.Īs with any ransomware, once the system is infected, the user is coerced to pay (a ransom) through online payment methods to regain computer usability. In our October 2013 report, we have observed over a 30-day period that 64% of detected global infections were seen in the US. Since the discovery of this malware, the number of its victims has exponentially grown. After it surfaced in 2013, CryptoLocker, a refinement of previously known versions of ransomware, has affected many by restricting user access by not just locking the system but also encrypting certain files - hence being called as CryptoLocker.
0 kommentar(er)
