cruelsister
Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
This is too cool for words (but I'll try anyway); As many here know, one malware strain that has caused particular problems lately has been Crptolocker. The malware will encrypt various filetypes while connecting to a Server where a decryption key will be generated and stored. Once the malware has finished doing what it does a screen like this will be presented to the user:
An issue for the hard working malware author has been the very success of Cryptolocker. Most AV firms have been bery good at pushing out definitions to remove all traces of the malware, while sadly still leaving all the files still encrypted. The removal process will also zap the screen presented above, so now the user will not know where to go to buy the unlock key, and the poor starving criminal won't get paid.
The remedy is obvious- start a website where the infected can go any buy the decryption key online! The specifics of this have just been published here:
http://thehackernews.com/2013/11/CryptoLocker-Ransomware-Decryption-service-malware-keys.html
Please note that when the decrypt codes were first sold the price was 1 bitcoin and was recently doubled to 2 BC. Now however, to defray the cost of setting up the website (located in Central Russia) the price of the key has been upped to 10 BC (current exchange rate of 1 BC = 222 USD).
One last thing- Cryptolocker-blocking tools have been published. One from BitDefender can be found here:
http://labs.bitdefender.com/2013/10/cryptolocker-ransomware-makes-a-bitcoin-wallet-per-victim/
and another good one, CryptoPrevent, can be found here:
http://www.foolishit.com/vb6-projects/cryptoprevent/
(I personally haven't checked to see if these tools will work against the latest variants)
An issue for the hard working malware author has been the very success of Cryptolocker. Most AV firms have been bery good at pushing out definitions to remove all traces of the malware, while sadly still leaving all the files still encrypted. The removal process will also zap the screen presented above, so now the user will not know where to go to buy the unlock key, and the poor starving criminal won't get paid.
The remedy is obvious- start a website where the infected can go any buy the decryption key online! The specifics of this have just been published here:
http://thehackernews.com/2013/11/CryptoLocker-Ransomware-Decryption-service-malware-keys.html
Please note that when the decrypt codes were first sold the price was 1 bitcoin and was recently doubled to 2 BC. Now however, to defray the cost of setting up the website (located in Central Russia) the price of the key has been upped to 10 BC (current exchange rate of 1 BC = 222 USD).
One last thing- Cryptolocker-blocking tools have been published. One from BitDefender can be found here:
http://labs.bitdefender.com/2013/10/cryptolocker-ransomware-makes-a-bitcoin-wallet-per-victim/
and another good one, CryptoPrevent, can be found here:
http://www.foolishit.com/vb6-projects/cryptoprevent/
(I personally haven't checked to see if these tools will work against the latest variants)
