Crypto-Ransomware Vaccine from Bitdefender (BD Anti Ransomware)

Status
Not open for further replies.

bunchuu

Thread author
Recently, I stumbled on an article from the Bitdefender blog that claims they have released "a new vaccine tool which can protect against known and possible future versions of the CTB-Locker, Locky and TeslaCrypt crypto ransomware families".

Their previous vaccine/version seems to have protected /appdata and several folders that have a higher possibility of being infected by ransomware.

Has anyone tried this latest version of BD Anti Ransomware?

Here is the link

It is also covered in Softpedia News:
Vaccine for CTB-Locker, Locky and TeslaCrypt Ransomware Released
It's better to prevent than to pay the ransom
Mar 28, 2016 17:35 GMT · By Catalin Cimpanu
Romanian security vendor Bitdefender has updated its vaunted anti-ransomware vaccine to add support for the latest versions of the CTB-Locker, Locky and TeslaCrypt ransomware families currently ravaging users all over the globe.

The Bitdefender Anti-Ransomware toolkit has been around for some years now, ever since crypto-ransomware started to become popular and users understood that once locked, recovering the files was almost impossible without paying the crook's ransom fee.

Luck also plays a role if the ransomware contains encryption flaws that allow security researchers such as Fabian Wosar to create decryptors for various variants. But these situations are very rare, and often found in smaller, newly appeared ransomware families, not older trialed and tested variants.

An anti-Locky vaccine is needed these days
As your doctor always tells you, it's better to prevent than to cure. So, to help users in staying safe against ransomware threats, Bitdefender has now added a much-needed update to its anti-ransomware toolkit, which until now included support only for the CryptoWall and CryptoLocker families.

The most recent version, 1.0.11.26, includes additional support for CTB-Locker, Locky and TeslaCrypt.

While CTB-Locker seems to be dormant these days, Locky has just appeared on the ransomware scene. On the other hand, TeslaCrypt has seen a resurgence these past weeks. In fact, CryptoWall, Locky, and TeslaCrypt, in this order, are considered today's top 3 most popular ransomware families.

Research in cracking crypto-ransomware needs to continue
"The new tool is an outgrowth of the Cryptowall vaccine program, in a way," Chief Security Strategist Catalin Cosoi explained. "We had been looking at ways to prevent this ransomware from encrypting files even on computers that were not protected by [the] Bitdefender antivirus and we realized we could extend the idea."

Last week, security researcher Sylvain Sarméjeanne was exploring scenarios in which he could abuse bugs in the Locky ransomware to create a vaccine against the threat.

His work never materialized into a concrete vaccine, but let's face it, he doesn't have the resources Bitdefender does, a company which alongside Kaspersky is widely considered the best antivirus solution around.

Also last week, we had a small interview with Sean Williams, the creator of Cryptostalker, a tool to detect crypto-ransomware on Linux systems. The tool is still in its early stages of development, and Mr. Williams also wants to port it to Windows and Mac.

Here is the original link
 

shmu26

It lists the ransomware families it protects against, and Petya is not one of them.
 

hjlbx

shmu26 said:
> It lists the ransomware families it protects against, and Petya is not one of them.

PETYA is too new; Bitdefender hasn't added protections against it yet. Such things take time. That is why it is better to configure your security system to block anything newly introduced to the system from executing. You can accomplish this with AppGuard (paid), NVT ERP (free), COMODO - by setting the auto-sandbox rule for Unrecognized files to Block, VooDooShield (paid), etc.

Better yet - just don't download and try to execute any unknown files. It's that simple to protect your system from most infections.
 

bunchuu

hjlbx said:
> PETYA is too new; Bitdefender hasn't added protections against it yet. Such things take time. That is why it is better to configure your security system to block anything newly introduced to the system from executing. You can accomplish this with AppGuard (paid), NVT ERP (free), COMODO - by setting the auto-sandbox rule for Unrecognized files to Block, VooDooShield (paid), etc.
>
> Better yet - just don't download and try to execute any unknown files. It's that simple to protect your system from most infections.

Let's hope they will find something to deal with Petya. Meanwhile, I'm curious about the prospects of this tool, since they said "protect against known and possible future" versions of well-known ransomware families.
 

shmu26

The support from HitmanPro.Alert reports that this Bitdefender freebie was tested and found to be compatible with HMP.A -- but won't add any additional protection, in their opinion.
 