by Ross Dyer
We have been seeing a resurgence of the malware family named CryptoLocker, which uses a number of techniques (HTTPS, P2P, Tor) to mask its command-and-control communications.
Usually, this type of attack is delivered through spear-phishing as an email attachment. Upon execution, the attachment connects to several URLs to download the crypto-ransomware, which then displays a ransom message. Users must pay the ransom before the set deadline passes or all the files will remain permanently encrypted. But beware: paying the ransom is no guarantee that the original files will be restored!
- A particular variant, TROJ_CRYPCTB.XX, offers users the option of decrypting five files for free, as proof that decryption is possible
- Users are given 96 hours, instead of 72 hours, to pay the ransom fee
- The displayed ransom message has options for four languages: English, Italian, German and Dutch.
- In some cases, infection can occur through an embedded URL in an email or through a compromised website using drive-by download techniques.
How to protect yourself from CRYPTOLOCKER
- Use real-time cloud security featuring email, web and file reputation services
- File reputation services deliver real-time security updates to your existing solutions
- Leverage sandbox, emulation and heuristic integration
- Automatic execution of suspicious content in dynamic analysis engines
- End-user education is key to proactive defense
- Always check who the email sender is
- Double-check the content of the message
- Refrain from clicking links in email
- Back up important data
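The last item, keeping backups, is only useful if you can tell when the live copies have been replaced by ciphertext and need restoring. The script below is an added example, not code from Ross Dyer's post or from any Trend Micro product: it records a SHA-256 manifest of a document tree (the known-good state a backup should match), then audits the tree later, flagging files whose content changed and now has the near-8-bits-per-byte entropy typical of encrypted data, and raising a mass-encryption flag when half or more of the tracked files look that way. The directory layout, file names and thresholds are assumptions, and the "encrypted" files in the demo are random bytes standing in for ciphertext.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter


def sha256_file(path):
    """Hash a file in chunks so large documents do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Bits of entropy per byte; plain text sits around 4-5, ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def audit(root, manifest, entropy_threshold=7.5, mass_ratio=0.5):
    """Compare the tree against the manifest and look for signs of encryption."""
    current = build_manifest(root)
    changed = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    new = sorted(p for p in current if p not in manifest)
    high_entropy = []
    for rel in changed + new:
        with open(os.path.join(root, rel), "rb") as f:
            sample = f.read(65536)  # the first 64 KiB is enough to judge entropy
        if shannon_entropy(sample) >= entropy_threshold:
            high_entropy.append(rel)
    tracked = len(manifest) or 1
    return {
        "changed": changed,
        "missing": missing,
        "new": new,
        "high_entropy": sorted(high_entropy),
        # ransomware rewrites many files at once; a single changed file is normal editing
        "mass_encryption_suspected": len(high_entropy) / tracked >= mass_ratio,
    }


def demo():
    """Constructed scenario: four text documents, three later replaced by random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(4):
            with open(os.path.join(root, f"doc{i}.txt"), "w") as f:
                f.write("Quarterly report, all figures preliminary. " * 200)
        manifest = build_manifest(root)   # the state a backup should preserve
        clean = audit(root, manifest)
        # Stand-in for a ransomware run: overwrite three documents with random
        # bytes (simulated ciphertext) and drop a constructed ransom note.
        for i in range(3):
            with open(os.path.join(root, f"doc{i}.txt"), "wb") as f:
                f.write(os.urandom(4096))
        with open(os.path.join(root, "HOW_TO_DECRYPT.txt"), "w") as f:
            f.write("your files are encrypted (constructed note text)")
        after = audit(root, manifest)
    return clean, after


if __name__ == "__main__":
    before, after = demo()
    print("clean tree:", before)
    print("after simulated encryption:", after)
```

Run the manifest step right after each backup and the audit step on a schedule; the ransom note shows up under `new` but not under `high_entropy` because it is plain text. Legitimately compressed or encrypted archives also score near 8 bits per byte, so treat the changed-file ratio, not any single flagged file, as the signal to stop the backup job and investigate before the encrypted copies overwrite good ones.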