You may have read about the Cryptolocker malware, a new ransomware Trojan that encrypts your files and demands money to return them.

In the past, we have witnessed similar malware like the famous GPCode that used RSA keys for encryption. Back in 2008, we cracked the 660-bit RSA key used by GPCode and provided the victims with a method to decrypt and recover their data. Later, the GPCode authors upgraded the RSA key to 1024 bits, putting it perhaps only in the realm of NSA’s cracking power.

Cryptolocker uses a solid encryption scheme as well, which so far appears uncrackable. For each victim, it connects to its command-and-control (C2) to download an RSA public key that is used to encrypt the data. For each new victim, another unique key is created and only the Cryptolocker authors have access to the decryption keys.

The attackers give you roughly three days to pay them, otherwise your data is gone forever. A multitude of payment options are available, including Bitcoin. To make sure the victim gets the message, they set a pretty scary wallpaper on the infected machine.

To connect to the C2 servers, Cryptolocker uses a domain generation algorithm that produces 1000 candidate unique domain names every day. Dimiter Andonov from ThreatTrack Security reverse-engineered the algorithm and Kaspersky Lab sinkholed three domains to measure the number of worldwide victims.

In total, we’ve had 2764 unique victim IPs contacting the sinkholed domains. The highest number was recorded on Wednesday October 16, with 1266 unique IP addresses. Below you can find the distribution of victims per country – top 30. The most affected countries are the UK and US, followed by India, Canada and Australia.

It’s important to point out the statistics indicate the number of victims that haven’t had their files encrypted yet. If they act quickly after the infection and clean their system with an anti-malware tool, then the data might not be encrypted at all.

Defense strategies

Cryptolocker uses a solid method to encrypt files and to make sure their unencrypted versions can’t be recovered by tools such as Photorec.
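The sinkhole measurement described above (unique victim IPs in total, per day and per country), as an added example that is not part of the original article or of Kaspersky's tooling: the log format, the `.invalid` sinkhole domain names and the sample lines are all constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample sinkhole log (not real data).
# Format: "<UTC timestamp> <source ip> <queried domain> <country>"
SAMPLE_LOG = """\
2013-10-15T09:12:01Z 198.51.100.7 example-sinkhole-1.invalid GB
2013-10-15T09:12:05Z 198.51.100.7 example-sinkhole-2.invalid GB
2013-10-15T10:02:44Z 203.0.113.21 example-sinkhole-1.invalid US
2013-10-16T00:14:09Z 203.0.113.21 example-sinkhole-3.invalid US
2013-10-16T03:40:11Z 198.51.100.90 example-sinkhole-2.invalid IN
2013-10-16T05:55:30Z 192.0.2.15 example-sinkhole-1.invalid CA
2013-10-16T06:01:02Z 192.0.2.16 example-sinkhole-1.invalid AU
2013-10-16T07:30:00Z 198.51.100.7 example-sinkhole-3.invalid GB
2013-10-16T08:00:00Z 192.0.2.200 www.example.com DE
2013-10-17T12:00:00Z 192.0.2.77 example-sinkhole-2.invalid US
"""

# Hypothetical set of domains we registered ahead of the DGA (constructed names).
SINKHOLED = {"example-sinkhole-1.invalid", "example-sinkhole-2.invalid",
             "example-sinkhole-3.invalid"}


def parse_log(text):
    """Yield (date, ip, domain, country) for lines that hit a sinkholed domain."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, domain, country = line.split()
        if domain not in SINKHOLED:
            continue  # background noise: queries for domains we do not control
        day = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").date()
        yield day, ip, domain, country


def victim_stats(text, top_n=5):
    """Return (total unique IPs, (peak day, unique IPs that day), top-N countries)."""
    per_day = defaultdict(set)
    country_of = {}
    for day, ip, _domain, country in parse_log(text):
        per_day[day].add(ip)
        country_of.setdefault(ip, country)  # count each IP once, by first-seen country
    total = len(country_of)
    peak_day, peak_ips = max(per_day.items(), key=lambda kv: (len(kv[1]), kv[0]))
    by_country = Counter(country_of.values()).most_common(top_n)
    return total, (peak_day.isoformat(), len(peak_ips)), by_country


if __name__ == "__main__":
    print(victim_stats(SAMPLE_LOG))
```

Unique IPs are only a proxy for infected machines: NAT hides several victims behind one address, and DHCP churn can count a single victim more than once.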