ESET's research reveals details of the CTB-Locker criminal campaign.
ESET researchers have identified a new type of cyberattack that is spreading across Europe and Latin America. It is a variant of the ransomware family known as CTB-Locker.
Below is information about the CTB-Locker threat, as set out in the announcement sent by ESET:
CTB-Locker encrypts the user's files, as CryptoLocker does, and demands a ransom in Bitcoin. According to ESET's research, the campaign has just begun. More information about CTB-Locker is available on ESET's information page, WeLiveSecurity.com.
Early on Tuesday, 20/1/2015, ESET researchers in Latin America repeatedly observed activity from CTB-Locker, a filecoder that ESET telemetry detects as Win32/FileCoder.DA.
The infection starts when the victim receives an e-mail with the subject "fax" and an attachment that looks like a copy.
The attached file is infected with Win32/TrojanDownloader.Elenoocka.A, a trojan downloader that tries to connect to the Internet to download further malicious software, in this case Win32/FileCoder.DA, also known as CTB-Locker. If executed on the victim's device, CTB-Locker encrypts specific files on the device, locks the screen and displays a ransom message.
ESET researchers also identified a similarity between CTB-Locker and CryptoLocker: "Both have a similar encryption pattern for victim files and differ only in the use of the encryption algorithm," notes Pablo Ramos, ESET Head of Research for Latin America. Also, as with CryptoLocker, the victim is asked to pay a ransom in Bitcoin: about 8 Bitcoin (estimated value about $1,680).
The best protection is the well-known security triad: back up files, keep software updated, and protect the device.
"The results of the CTB-Locker attack on a company or a user that does not have a backup solution can be a real headache. In reports, we have seen companies pay thousands of dollars for the recovery of their data," concludes Ramos.