Just when you thought all your troubles were gone, CryptoLocker snuck back into the scene. Some of you may recall this malware menace from last month that was used in a ransomware campaign. In a blog post, security company Bitdefender revealed that CryptoLocker claimed over 10,000 victims in one week.
To refresh your memory, CryptoLocker is a Trojan that encrypts documents on victims' computers and holds them ransom for $300. If you don't cough up the money, CryptoLocker threatens that it will delete the decryption key, rendering the infected files unreadable.
Capturing CryptoLocker's Traffic
Bitdefender Labs researchers were able to reverse-engineer the CryptoLocker domain generation algorithm and capture traffic directed to its related domains between October 27 and November 1. Throughout the week, exactly 12,016 hosts struggled to contact these void domains. Looking at the distribution of infected hosts and available payment methods, US systems seem to be the only ones targeted. Other unfortunate systems that fall victim to CryptoLocker just appear to be part of the collateral damage.
Domain generation algorithms of ransomware applications, like CryptoLocker, generate new command-and-control subdomains daily to avoid getting their networks shut down by the authorities. CryptoLocker's command-and-control servers usually don't stay online for more than a week and are changed frequently. Bitdefender noted that during the time its researchers monitored the ransomware activity, these servers were located in Russia, Germany, Kazakhstan and Ukraine.
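A defender-side illustration of the behaviour described above, added here and not taken from Bitdefender or the original post: hosts that keep looking up freshly generated domains that do not resolve show up in resolver logs as repeated NXDOMAIN answers for random-looking names. The log format, thresholds and sample domains are constructed assumptions, and nothing here reproduces CryptoLocker's actual algorithm.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log: "<time> <client-ip> <query-name> <rcode>"
SAMPLE_LOG = """\
2013-10-28T09:00:01 10.0.0.5 www.example.com NOERROR
2013-10-28T09:00:03 10.0.0.5 gogle.test NXDOMAIN
2013-10-28T09:00:04 10.0.0.7 xkqjwpzvtrmh.test NXDOMAIN
2013-10-28T09:00:05 10.0.0.7 qhxwlbtvkdmra.test NXDOMAIN
2013-10-28T09:00:06 10.0.0.7 bnvyrqscxludge.test NXDOMAIN
2013-10-28T09:00:07 10.0.0.7 xkqjwpzvtrmh.test NXDOMAIN
2013-10-28T09:00:08 10.0.0.9 pfmwyxgtkqzo.test NXDOMAIN
2013-10-28T09:00:09 10.0.0.9 documentation.example NOERROR
"""

def label_entropy(label):
    """Shannon entropy of the label, in bits per character."""
    counts = Counter(label)
    total = len(label)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def looks_generated(qname, min_len=10, min_entropy=3.0):
    """Heuristic (assumed thresholds): long, alphabetic, high-entropy label."""
    parts = qname.rstrip(".").lower().split(".")
    if len(parts) < 2:
        return False
    label = parts[-2]  # label directly under the TLD
    return (len(label) >= min_len and label.isalpha()
            and label_entropy(label) >= min_entropy)

def suspect_hosts(log_text, min_names=3):
    """Map client IP -> distinct random-looking names that got NXDOMAIN."""
    failures = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, qname, rcode = fields
        if rcode == "NXDOMAIN" and looks_generated(qname):
            failures[client].add(qname.lower())
    return {c: sorted(n) for c, n in failures.items() if len(n) >= min_names}

if __name__ == "__main__":
    for client, names in suspect_hosts(SAMPLE_LOG).items():
        print(client, "->", ", ".join(names))
```

Entropy alone also matches some legitimate machine-generated hostnames, so a hit is a lead for investigation rather than proof of infection.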
Protect Yourself
It shouldn't come as a shock that CryptoLocker nabbed more than 10,000 victims in a week. While people know they're at risk for malware attacks, some users don't bother to purchase antivirus software until their devices are hit. Obviously this mentality isn't exactly the best way to protect yourself.
Get antivirus software before you become a victim of cyberattacks; there are plenty of options out there, including free ones. One of our favorites is Bitdefender Antivirus Plus (2014). Bitdefender also offers a CryptoLocker-blocking tool that prevents your PC from getting infected. Even if you think the chances are low, you can still be targeted in a malware campaign.