Panda researcher BartBlaze discovered a new strain of ransomware called CryptoGraphic Locker. Bleepingcomputer wrote: "Just like other encrypting ransomware, this infection will scan your data files and encrypt them so that they are unusable. The infection will then display a ransom note that requires you to purchase the decryption key in order to decrypt your files. The initial cost to purchase the key is .2 BTC, or approximately $100 USD, which makes this one of the cheaper ransoms that we have seen in a long time."
There is a catch though, because they start low but bump the amount up every 24 hours. As soon as the malicious code becomes active it disables execution of a wide range of security tools and system management apps like Process Hacker, MalwareBytes, Spyhunter, MsConfig, Task Manager, Registry Editor, System Restore and Process Explorer. The infection will also change your Windows desktop background and uses the CryptoLocker brand name in the wallpaper instead of its own CryptoGraphic Locker name which.
The good news is that the ransomware doesn’t do a proper secure delete and also doesn’t remove System Restore points. This allows you to restore files with a recovery tool or restore Shadow Volume Copies with software like Shadow Explorer. Just as well, as their command & control servers are flaky and you cannot even pay if you want to.
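Because the shadow copies survive, the first recovery step is to find a snapshot taken before the infection. The PowerShell script below is an added example, not part of the original post; the `$InfectedAt` parameter and the `vss_restore` link name are assumptions chosen for illustration.

```powershell
# Added example (not from the original post): find Volume Shadow Copies that
# predate a ransomware infection, newest first. Run from an elevated prompt.
param(
    # Assumption: time of infection, e.g. the timestamp of the ransom note
    # or of the earliest encrypted file.
    [Parameter(Mandatory)] [datetime] $InfectedAt,
    [string] $Drive = 'C:'
)

# Win32_ShadowCopy.VolumeName holds the volume GUID path, so resolve the
# drive letter to its DeviceID (\\?\Volume{GUID}\) first.
$volume = Get-CimInstance -ClassName Win32_Volume -Filter "DriveLetter = '$Drive'"
if (-not $volume) { throw "No volume found for drive $Drive" }

# Keep only snapshots of this volume that were created before the infection.
$clean = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID -and $_.InstallDate -lt $InfectedAt } |
    Sort-Object -Property InstallDate -Descending

if (-not $clean) {
    Write-Warning "No shadow copy of $Drive older than $InfectedAt; use a file-recovery tool instead."
    return
}

# DeviceObject (\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN) is the path
# a directory link can point at to browse the snapshot.
$clean | Select-Object InstallDate, ID, DeviceObject | Format-Table -AutoSize

$best = $clean | Select-Object -First 1
"Newest pre-infection snapshot: $($best.InstallDate)"
"To browse it:  cmd /c mklink /d $Drive\vss_restore $($best.DeviceObject)\"
```

Copy recovered files from the snapshot to separate, clean media rather than back onto the infected system.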
Today more than ever you need to educate end-users to not open unexpected attachments and step them through effective security awareness training.