1. #1
    Corrine
    Join Date: Feb 2012
    Location: Upstate, NY
    Posts: 8,481

    CryptoLocker Ransomware

    To put it simply, CryptoLocker encrypts the files on the computer and holds them for ransom. There is only one private key available to unencrypt the public key and it is stored on a secret server with a time bomb set to destroy the key if the ransom isn't paid by the deadline. Depending on the version, the ransom is $100 to $300 with a deadline for payment of between ~72 and 100 hours.

    Additional information and references are available in my blog post, CryptoLocker Ransomware.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.



  2. #2
    Corrine

    Re: CryptoLocker Ransomware

    Due to the incorrect and vague information available on CryptoLocker, Grinler published a guide containing all the known information on CryptoLocker to this date.

    CryptoLocker Ransomware Information Guide and FAQ



  3. #3
    Corrine

    Re: CryptoLocker Ransomware

    Grinler's guide has been updated with new information. Of particular interest is the information about CryptoPrevent. CryptoPrevent is a free utility by FoolishIT LLC that automatically adds the suggested Software Restriction Policy Path Rules (listed in the guide) to your computer. The added Software Restriction Policies are to prevent CryptoLocker and Zbot from being executed in the first place.


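The Software Restriction Policy path rules the post refers to can be laid down without a third-party tool. The script below is an added example, not CryptoPrevent's code or the guide's own rule list: the registry layout is the one the Local Security Policy editor writes for SRP path rules, and the rule set (AppData and archive-extraction paths under %Temp%) is an assumed illustration of the kind of rules the guide describes.

```powershell
# Added example (not CryptoPrevent's or the guide's code). Writes "Disallowed"
# Software Restriction Policy path rules into the machine policy hive.
# Assumptions: the SRP registry layout below (as written by secpol.msc) and the
# rule list, chosen to cover the profile/Temp paths the guide talks about.
#Requires -RunAsAdministrator

$safer      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$disallowed = Join-Path $safer '0\Paths'   # security level 0 = Disallowed

# Assumed rule set: executables launched from the user profile or from
# archive temp folders are blocked; everything else stays Unrestricted.
$rules = @(
    @{ Path = '%AppData%\*.exe';      Note = 'Block exe in roaming AppData root' },
    @{ Path = '%AppData%\*\*.exe';    Note = 'Block exe one level below AppData' },
    @{ Path = '%LocalAppData%\*.exe'; Note = 'Block exe in Local AppData root' },
    @{ Path = '%Temp%\Rar*\*.exe';    Note = 'Block exe extracted by WinRAR to Temp' },
    @{ Path = '%Temp%\7z*\*.exe';     Note = 'Block exe extracted by 7-Zip to Temp' },
    @{ Path = '%Temp%\*.zip\*.exe';   Note = 'Block exe opened from a zip in Explorer' }
)

function Initialize-SrpPolicy {
    # Create the policy root if SRP was never configured on this host.
    if (-not (Test-Path $safer)) { New-Item -Path $safer -Force | Out-Null }
    # Default level Unrestricted (0x40000): only the explicit Disallowed rules apply.
    Set-ItemProperty -Path $safer -Name DefaultLevel       -Value 0x40000 -Type DWord
    Set-ItemProperty -Path $safer -Name TransparentEnabled -Value 1       -Type DWord
    Set-ItemProperty -Path $safer -Name PolicyScope        -Value 0       -Type DWord
    if (-not (Test-Path $disallowed)) { New-Item -Path $disallowed -Force | Out-Null }
}

function Add-SrpDisallowRule([string]$Path, [string]$Note) {
    # Skip rules that already exist so the script is safe to re-run.
    $existing = Get-ChildItem $disallowed -ErrorAction SilentlyContinue |
        Where-Object { (Get-ItemProperty $_.PSPath).ItemData -eq $Path }
    if ($existing) { Write-Host "exists: $Path"; return }
    # Each rule lives in its own GUID-named subkey with ItemData holding the path.
    $key = New-Item -Path $disallowed -Name ('{' + [guid]::NewGuid().ToString() + '}')
    Set-ItemProperty -Path $key.PSPath -Name ItemData     -Value $Path -Type ExpandString
    Set-ItemProperty -Path $key.PSPath -Name SaferFlags   -Value 0     -Type DWord
    Set-ItemProperty -Path $key.PSPath -Name Description  -Value $Note -Type String
    Set-ItemProperty -Path $key.PSPath -Name LastModified -Value ([DateTime]::UtcNow.ToFileTime()) -Type QWord
    Write-Host "added:  $Path"
}

Initialize-SrpPolicy
foreach ($r in $rules) { Add-SrpDisallowRule -Path $r.Path -Note $r.Note }
# New rules take effect for new processes after a policy refresh (gpupdate /force) or reboot.
```

Test on a lab machine first: path rules also block legitimate installers and updaters that run from AppData, so such programs need explicit Unrestricted rules (level 262144) before this is rolled out widely.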

  4. #4
    Corrine

    Re: CryptoLocker Ransomware

    Another update today:

    Updated the CryptoLocker guide to include updated info on the new Registry keys, updates to CryptoPrevent, and the message on the Command & Control Server.



  5. #5
    Corrine

    Re: CryptoLocker Ransomware

    Update: CryptoLocker guide updated to fix issues with %Temp% SRP rules and info on known bitcoin payment wallet addresses.



  6. #6
    Corrine

    Re: CryptoLocker Ransomware

    Interesting development: DNS Sinkhole campaign underway for CryptoLocker - News
    A DNS sinkhole campaign is underway and in high gear to block computers infected with CryptoLocker from reaching the malware's Command & Control servers. A DNS sinkhole is a method used by security researchers to monitor Botnets and to block communication between an infected computer and its Command & Control server.
    There are a couple of issues with the sinkhole. First, of course, would be those caught in the middle having paid the $300 ransom but still waiting for the key to decrypt their files. Another is that CryptoLocker will merely move on to another domain that isn't in the sinkhole.

    At this time, it is unknown who is responsible for setting up the sinkhole.



  7. #7
    Corrine

    Re: CryptoLocker Ransomware

    An unfortunate development: CryptoLocker developers charge 10 bitcoins to use new Decryption Service

    The price for the decryption key, though, has been significantly increased from 2 bitcoins to 10 bitcoins. With the current price of bitcoins at around $212 USD the ransom has increased from around $400 USD to over $2,100 USD.
    Prevention along with backing up important data are definitely the only solution.



  8. #8
    Corrine

    Re: CryptoLocker Ransomware

    Via Bleeping Computer:

    CryptoLocker emails now including password protected attachments to evade AV software. Email pretends to be new Outlook settings.



  9. #9
    Corrine

    Re: CryptoLocker Ransomware

    It certainly would be good to see an end to this.

    The past few weeks have seen the ransomware CryptoLocker emerge as a significant threat for many users. Our monitoring of this threat has revealed details on how it spreads, specifically its connection to spam and ZeuS. However, it looks like there is more to the emergence of this threat than initially discovered.

    We have identified one possible factor in this growth: the arrest of Paunch, the creator of the Blackhole Exploit Kit. Paunch’s arrest led to a significant reduction in spam campaigns using exploit kits. Clearly, this caused a vacuum in the spam-sending world – spammers would not all of a sudden stop sending spam. So they would need to send something out; what would this be?
    More at CryptoLocker Emergence Connected to Blackhole Exploit Kit Arrest | Security Intelligence Blog | Trend Micro


