It looks like the Russian evil genius behind CryptoLocker, Evgeniy Mikhailovich Bogachev, has not been sitting still since "Operation Tovar", the recent international law enforcement action that took over most of his botnet. A new strain of the infamous CryptoLocker ransomware Trojan has been found. The new Trojan does not rely on the 2048-bit RSA encryption and does not need any communication with a Command & Control server. It operates stand-alone, and the extension of every affected file is switched to .CRYPTOLOCKER.
A post at the Fakebit blog shows an analysis of a CryptoLocker spin-off which instructs the victim to access a location in the Tor network to receive details about the ransom payment. The Trojan encrypts data on the affected computer, but uses an encryption method that is weaker than the original's and could possibly be broken in order to regain access to the locked files.
Judging by the choice of encryption algorithm and the method for receiving payment, this CryptoLocker variant cannot be considered as strong as the original; but nonetheless, it does encrypt all the files it can get its hands on, and by trading on the original CryptoLocker brand name, these miscreants could still make some serious money.
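The one concrete indicator the post gives for this variant is the .CRYPTOLOCKER extension added to every encrypted file. The following triage script is an added example, not code from the post or from the Fakebit analysis: it walks a directory tree, lists every file carrying that extension, and measures the byte entropy of each one so an incident responder can tell genuinely encrypted files (near 8 bits per byte) from files that were merely renamed. The sample files, the 7.0 threshold and the 4096-byte sample size are constructed assumptions.

```python
import math
import tempfile
from collections import Counter
from pathlib import Path

# Extension the variant appends to encrypted files (from the post); matched case-insensitively.
RANSOM_EXT = ".cryptolocker"
ENTROPY_THRESHOLD = 7.0  # bits per byte (assumed); ordinary documents sit well below this


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum (uniformly random bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_for_encrypted(root: str, sample_bytes: int = 4096) -> list:
    """Walk `root` and report every file carrying the ransom extension.

    Each hit records the original name (extension stripped) and whether the
    content looks encrypted (high entropy), which separates genuinely
    encrypted files from ones that were only renamed.
    """
    hits = []
    for path in Path(root).rglob("*"):
        if not (path.is_file() and path.name.lower().endswith(RANSOM_EXT)):
            continue
        with open(path, "rb") as fh:
            ent = shannon_entropy(fh.read(sample_bytes))
        hits.append({
            "path": str(path),
            "original_name": path.name[:-len(RANSOM_EXT)],
            "entropy": round(ent, 2),
            "looks_encrypted": ent >= ENTROPY_THRESHOLD,
        })
    return hits


def demo() -> list:
    """Constructed sample tree: one encrypted-looking hit, one renamed plaintext hit, one clean file."""
    root = tempfile.mkdtemp()
    (Path(root) / "report.docx.CRYPTOLOCKER").write_bytes(bytes(range(256)) * 16)
    (Path(root) / "notes.txt.CRYPTOLOCKER").write_bytes(b"hello world\n" * 300)
    (Path(root) / "untouched.txt").write_bytes(b"still fine\n")
    return sorted(scan_for_encrypted(root), key=lambda h: h["original_name"])

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Point `scan_for_encrypted` at a share or user profile to get the list of affected files and their original names, which is also the inventory you need when restoring from backup.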
Copycat ransomware will keep rearing its ugly head this year. Law enforcement recommends not paying any ransom, both to discourage the criminal practice and because you never know whether the criminals will keep their end of the bargain and provide the decryption. In some cases it may make sense to pay anyway, for instance when backups are unavailable or corrupted and months of work would otherwise be lost.
In any case, stepping employees through effective Kevin Mitnick Security Awareness Training is a must these days.