CryptoFortress is a new ransomware with file encryption capabilities. It looks like TorrentLocker, but its internal mechanism reveals a different malware structure.
The ransom message shown to the victim once the data on the computer has been encrypted is the same as in the case of TorrentLocker, which, as we mentioned, was borrowed from CryptoLocker. Similarities have also been found on the payment page.
Security researchers report that the developers of CryptoFortress took the HTML templates and CSS code from TorrentLocker. However, the common points stop there, since the code, the encryption system and the distribution method of the new ransomware are not the same.
ESET's researchers (who detect it as Win32/Kryptik.DAPB) have compiled a list of all the points the two pieces of ransomware have in common: apart from the encryption algorithm (AES-256), the encryption of the AES key (RSA-1024) and the fact that the payment page is hidden on the anonymous Tor network, they do not share much.
CryptoFortress is spread through exploit kits, not spam. The location of the ransom page is embedded in the malware code rather than supplied by the C&C server.
In addition, the cryptographic library used by CryptoFortress is Microsoft's CryptoAPI, while TorrentLocker uses the open-source LibTomCrypt.
Another difference lies in the fact that the new malware encrypts only the first half of each file, up to 5 MB, and that the ransom it demands is around 500 dollars, to be paid in Bitcoin.
The first report on CryptoFortress appeared at the beginning of the month, from the malware researcher Kafeine, who monitors changes in exploit kits. One indication of infection is that the encrypted files use the extension “FRTRSS”.
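As an added illustration (not code from the article or from any of the researchers it cites), the following Python script shows how a defender could triage files for the partial-encryption pattern described above: a high-entropy head covering the first half of the file, capped at 5 MB, followed by a tail that still looks like plaintext, together with the FRTRSS extension. The 7.0-bit entropy threshold and the sample document are assumptions constructed for this example.

```python
import math
import os
from collections import Counter

# Reported behaviour: only the first half of each file, capped at 5 MB,
# is encrypted, and the affected files carry the FRTRSS extension.
ENCRYPTED_CAP = 5 * 1024 * 1024
SUSPECT_EXTENSION = ".frtrss"

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def encrypted_region_length(size: int) -> int:
    """Number of leading bytes CryptoFortress is reported to encrypt."""
    return min(size // 2, ENCRYPTED_CAP)

def assess_file(name: str, data: bytes, threshold: float = 7.0) -> dict:
    """Flag a file whose head looks encrypted while its tail still looks like plaintext.
    A whole-file entropy check can miss partial encryption, so head and tail are measured separately."""
    head_len = encrypted_region_length(len(data))
    head_entropy = shannon_entropy(data[:head_len])
    tail_entropy = shannon_entropy(data[head_len:])
    has_extension = name.lower().endswith(SUSPECT_EXTENSION)
    # High-entropy head next to a low-entropy tail is the partial-encryption signature.
    split_pattern = head_len > 0 and head_entropy >= threshold and tail_entropy < threshold
    return {
        "head_len": head_len,
        "head_entropy": round(head_entropy, 2),
        "tail_entropy": round(tail_entropy, 2),
        "suspect_extension": has_extension,
        "suspicious": has_extension or split_pattern,
    }

def constructed_samples() -> dict:
    """Constructed test data (assumption): a plaintext document and the same document
    with its first half overwritten by random bytes, standing in for ciphertext."""
    clean = b"quarterly report: revenue steady, costs flat. " * 200
    head_len = encrypted_region_length(len(clean))
    damaged = os.urandom(head_len) + clean[head_len:]
    return {"report.txt": clean, "report.txt.FRTRSS": damaged}
```

Run `assess_file` over a directory listing to surface candidates; the entropy split also catches files whose extension has been changed back by a user.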
Analysis by researchers at the security company Lexsi revealed that the AES key used to encrypt the data on the hard drive is stored locally in the HTML ransom note (the file is called “READ IF YOU WANT YOUR FILES BACK”), protected by a strong public key (RSA-1024).
In addition to local drives, the ransomware also hits mapped drives and network shares, effectively destroying their contents. It also goes after backups to prevent files from being restored.