Heatmap for CryptoDefense Detections

Trojan.Cryptodefense: the new ransomcrypt

Cryptolocker (Trojan.Cryptolocker) was a success for the cybercriminals behind it, and everything indicates they have not stopped there. Malware authors have turned their attention to developing new ransomcrypt malware, and the sophisticated CryptoDefense (Trojan.Cryptodefense) is one such piece of malicious software.

CryptoDefense

CryptoDefense appeared at the end of February 2014, and since then Symantec's telemetry shows that the company's software has blocked over 11,000 unique CryptoDefense infections. Using the Bitcoin addresses the malware authors supply for ransom payment and looking at the publicly available Bitcoin blockchain, Symantec estimates that the malware earned the cybercriminals more than 34,000 dollars in a single month (at the Bitcoin exchange rate at the time of writing).

"Imitation is not only the most sincere form of flattery but also the most sincere form of learning" - George Bernard Shaw.

CryptoDefense is, in essence, a hybrid design that combines several techniques other malware authors had already used effectively to extract money from victims: Tor and Bitcoin for anonymity, file encryption backed by RSA-2048, and pressure tactics such as the threat of a higher price if the ransom is not paid quickly. Symantec has observed CryptoDefense arriving by e-mail. If the recipient makes the mistake of opening the attachment (usually presented as a .PDF), CryptoDefense is installed on the computer and immediately tries to contact one of several remote domains (the list appeared as an image in the original article).

Once the remote site responds, the malware enables encryption and sends the private key back to the server. Once the server confirms receipt of the private decryption key, the malware sends a screenshot of the infected computer's desktop to the attacker. After encrypting the victim's files, CryptoDefense creates the following files in every folder that contains encrypted files:

HOW_DECRYPT.TXT
HOW_DECRYPT.HTML
HOW_DECRYPT.URL

The malware authors use the Tor network for ransom payment. If the victim is not familiar with Tor, the note gives further instructions on how to download a Tor browser and how to enter the unique Tor address of the payment site. Using Tor hides the location of the website and gives the attacker anonymity. Once the victim opens their personal payment page and pays the ransom, they receive the unique decryption key. It is worth noting that the ransom demanded is around 500 dollars and must be paid within four days, otherwise the price doubles. This time pressure leaves victims less time to think and react.
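The ransom notes described above are the most reliable on-disk marker of which folders were hit, so a first triage step on an infected machine is to walk the volume for them. The following is an added example written for this article, not code from the original post or from Symantec: it scans a directory tree for the three note files, counts the other files alongside them as a proxy for how many were encrypted, and takes the oldest note timestamp as a lower bound on when encryption began. The directory layout and timestamps in build_sample_tree are constructed test data.

```python
"""Triage helper: locate folders marked with CryptoDefense ransom notes.

Added example, not code from the original article or from Symantec. The
only facts taken from the article are the three note file names; the
directory layout and timestamps below are constructed test data.
"""
import os
import tempfile

# Note files the article says are dropped in every folder with encrypted files.
RANSOM_NOTES = ("HOW_DECRYPT.TXT", "HOW_DECRYPT.HTML", "HOW_DECRYPT.URL")


def find_ransom_note_dirs(root):
    """Walk `root` and map each affected directory (relative, '/'-separated)
    to the notes found there, the number of other files in it (a proxy for
    how many files were encrypted) and the oldest note mtime in seconds."""
    hits = {}
    for dirpath, _dirs, filenames in os.walk(root):
        # Case-insensitive match: NTFS ignores case, and a note may be
        # observed with different casing on different hosts.
        by_upper = {name.upper(): name for name in filenames}
        present = [n for n in RANSOM_NOTES if n in by_upper]
        if not present:
            continue
        note_mtimes = [
            os.stat(os.path.join(dirpath, by_upper[n])).st_mtime for n in present
        ]
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        hits[rel] = {
            "notes": present,
            "other_files": len(filenames) - len(present),
            "first_note_mtime": min(note_mtimes),
        }
    return hits


def summarize(hits):
    """Roll affected directories up into the numbers a responder wants first:
    how many folders, roughly how many files, and the earliest note
    timestamp, which bounds when encryption started on this volume."""
    if not hits:
        return {"dirs": 0, "files": 0, "first_note_mtime": None}
    return {
        "dirs": len(hits),
        "files": sum(h["other_files"] for h in hits.values()),
        "first_note_mtime": min(h["first_note_mtime"] for h in hits.values()),
    }


def build_sample_tree(base):
    """Constructed sample data (not real malware output): two folders with
    notes, one of them with a lower-case note, and two clean folders. Note
    mtimes are pinned to fixed epochs so the scan result is reproducible."""
    layout = {
        "Documents": (["report.docx", "budget.xlsx"], RANSOM_NOTES, 1_393_632_000),
        "Documents/old": (["notes.txt"], ("how_decrypt.txt",), 1_393_635_600),
        "Pictures": (["cat.jpg"], (), None),
        "Program Files/App": (["app.exe"], (), None),
    }
    for rel, (files, notes, mtime) in layout.items():
        d = os.path.join(base, *rel.split("/"))
        os.makedirs(d, exist_ok=True)
        for name in files + list(notes):
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(b"x")
            if name in notes:
                os.utime(path, (mtime, mtime))
    return base


def run_demo():
    """Build the constructed tree in a temp dir, scan it, return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        hits = find_ransom_note_dirs(build_sample_tree(tmp))
        return hits, summarize(hits)


if __name__ == "__main__":
    hits, summary = run_demo()
    for rel, info in sorted(hits.items()):
        print(f"{rel}: notes={info['notes']} other_files={info['other_files']}")
    print(summary)
```

On a real host you would call find_ransom_note_dirs on the root of each mounted volume (and any network shares the user could write to) rather than on the sample tree; the note timestamps from such a scan are what you line up against mail logs to find the delivery e-mail.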

iGuRu.gr
Written by giorgos