Continued protection needed against CryptoLocker threat

BitDefender UK : 14 July, 2014  (Technical Article)
Bitdefender report explains the rise and temporary fall of the CryptoLocker malware and why companies need to maintain protection against it

Bitdefender has published a new report detailing the rise and temporary takedown of CryptoLocker, the piece of malware that emerged in September 2013 and paved the way for a new class of malware: commercial ransomware. The security provider warns that while CryptoLocker is currently disabled, it could come back to life at any moment. As such, users need to take precautions to protect against this threat.

The security provider’s report, CryptoLocker and the Commercial Malware Delivery Platform behind it, explores the nine-month history of CryptoLocker and how the Trojan has already been used to extort more than £15.7m ($27m) from victims. The Trojan often comes bundled with spam messages, but the most effective vector is a secondary delivery mechanism that involves the GameOver Zeus botnet deploying CryptoLocker in a pay-per-install affiliation mechanism.

Catalin Cosoi, Chief Security Strategy at Bitdefender, states, “Zeus is a well-known and highly successful crimeware kit - the flat-pack furniture of the virus world. It is under constant development by several criminals or groups and new functionalities are constantly added. The skill bar to using it is unfortunately very low and getting lower by the day.”

The report details Bitdefender Labs’ extensive international work in taking down the CryptoLocker malware over a period spanning November 2013 to June 2014, when the GameOver Zeus infrastructure was shut down in a synchronized effort by the security industry and law enforcement. The report notes that UK-NCCU’s DNS resolution block for the entire list of domains generated by the CryptoLocker DGA was effective in cutting the botnet off from Tier 1 proxies around the world.

Bitdefender advises that a number of machines are still infected with CryptoLocker instances that were never “activated”, because the botnet disruption occurred before the locally installed bot was able to exchange keys with the command-and-control centre and commence encryption. Most likely, if the botnet is revived, these hosts will immediately be activated and lose access to their data.

“We urge users to perform an in-depth virus scan on their computers to detect and eliminate inactive instances of CryptoLocker before the encryption process starts or they risk losing some data,” adds Catalin Cosoi.

Bitdefender advises that while the fate of CryptoLocker is undetermined, other cyber-criminal groups are taking file-encrypting ransomware to a new level. An example is TorLocker, a commercial ransomware toolkit sold on underground forums as an affiliate program. Bitdefender warns that the number of ransomware families targeting Android has also increased in the past few months, and that the threat is becoming not only more prominent but also more sophisticated.

Catalin Cosoi concludes, “We strongly urge users to pay extra attention to the resources they visit as well as to what they install on their computers. Software updates for third-party products such as Java, Adobe Reader or Flash should be deployed as soon as they become available. The use of an anti-malware solution would also be highly recommended.”
