
CryptoLocker Ransomware Attack


Added 9 years ago by Bryan See • Updated about a year ago by Brad


Category: Event
Status: submission
Year: 2013
Origin: E-mail
Region:
Type: Hack
Tags: virus trojan malware cryptolocker cryptodefense cryptowall ransomware

Additional References: Wikipedia

Overview

CryptoLocker was a ransomware Trojan that targeted computers running Microsoft Windows operating systems. It was first detected by Dell SecureWorks in September 2013[1].

Background

Mechanism

CryptoLocker infections normally begin via infected email attachments or via an existing botnet. When activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers.

Ransomware

CryptoLocker builds on the successes of ransomware in recent years, though ransomware as a distinct type of malware is not new. One of the earliest pieces of malware written specifically to make money, rather than simply to illustrate a point, was the AIDS Information Trojan of 1989[2]. As criminal methods become more sophisticated each year, CryptoLocker uses encryption for malicious purposes, similar to the GPCode trojan, whose keys were cracked in 2008[3]. Over the past years, ransomware has become significantly more prevalent, and malware authors have written significantly more clever and scary versions[4].

Developments

Since its discovery and its debut in Great Britain, CryptoLocker infected more than 234,000 computers worldwide, including more than 100,000 in the U.S., and generated more than $380,000 in revenue for its cyber-criminal creators. This, along with its sophistication in getting past security programs to infect computers surreptitiously, led security writers to call it a "diabolical twist on an old scam"[5][6]. It gained notoriety in November 2013.

At the end of May 2014, U.S. and foreign law enforcement agents seized the computers that distributed CryptoLocker. Although CryptoLocker was neutralized, it is only a matter of time before malware writers devise a new method of attack.

CryptoWall

CryptoWall is a copy of the CryptoLocker malware that first surfaced in February 2014. Filling the void, it has infected over 600,000 computers, encrypting five billion files, which made CryptoWall "the largest and most destructive ransomware threat on the Internet" at the time of the discovery. However, unlike CryptoLocker, it was less effective at generating income for its creators[8].

External References

[1] Dell SecureWorks – http://www.secureworks.com/cyber-threat-intelligence/threats/cryptolocker-ransomware/ | Posted on 12-18-13.

[2] Naked Security – Destructive malware "CryptoLocker" on the loose – here's what to do | Posted on 10-12-13.

[3] Kaspersky Lab – Kaspersky System Watcher – Safeguarding user data with Kaspersky Cryptomalware Countermeasures Subsystem

[4] Forbes – Computer Virus Spreading That Means You Never Get To See Your Files Again | Posted on 10-22-13.

[5] Forbes – Cryptolocker Thieves Likely Making 'Millions' As Bitcoin Breaks $1,000 | Posted on 11-27-13.

[6] Brian Krebs (KrebsonSecurity.com) – CryptoLocker Crew Ratchets Up the Ransom | Posted on 11-13-2013.

[7] USA Today – Federal agents knock down Zeus Botnet, CryptoLocker | Posted on 6-2-14.

[8] PC World – CryptoWall ransomware held over 600K computers hostage, encrypted 5 billion files | Posted on 8-29-14.
