CryptoLocker is temporarily disabled, users still at risk
Posted on 11.07.2014
Bitdefender warns that while CryptoLocker is currently disabled, it could come back to life at any moment. As such, users need to take precautions to protect against this threat.


The Trojan often comes bundled with spam messages, but the most effective vector is a secondary delivery mechanism that involves the GameOver Zeus botnet deploying CryptoLocker in a pay-per-install affiliation mechanism.

Catalin Cosoi, Chief Security Strategist at Bitdefender, states, “Zeus is a well-known and highly successful crimeware kit - the flat-pack furniture of the virus world. It is under constant development by several criminals or groups and new functionalities are constantly added. The skill bar to using it is unfortunately very low and getting lower by the day.”

Bitdefender advises that a number of machines are still infected with CryptoLocker instances that were never “activated”, because the botnet disruption occurred before the locally installed bot was able to exchange keys with the command-and-control centre and commence encryption. Most likely, these hosts will immediately become infected and lose access to their data.

“We urge users to perform an in-depth virus scan on their computers to detect and eliminate inactive instances of CryptoLocker before the encryption process starts or they risk losing some data,” adds Catalin Cosoi.

Bitdefender advises that while the fate of CryptoLocker is undetermined, other cyber-criminal groups are taking file-encrypting ransomware to a new level. An example is TorLocker, a commercial ransomware toolkit sold on underground forums as an affiliate program.

The number of ransomware-based families targeting Android has also increased in the past few months, and the threat is becoming not only more prominent but also more sophisticated.

Catalin Cosoi concludes, “We strongly urge users to pay extra attention to the resources they visit as well as to what they install on their computers. Software updates for third-party products such as Java, Adobe Reader or Flash should be deployed as soon as they become available. The use of an anti-malware solution would also be highly recommended.”





Copyright 1998-2014 by Help Net Security.