Second generation ransomware now in the wild
Ransomware is a particularly nasty form of malware that locks your computer, encrypts your files, and then demands a ransom to free your data. Payment is usually made using untraceable currencies like Bitcoin. In a lot of cases it’s easy enough to remove the malware without paying anything, but doing so won’t get your files back.
A new wave of even more dangerous ransomware is now beginning to appear in the wild. Kaspersky recently highlighted a worrying new threat called CTB-Locker (aka Critroni), nicknaming it "Onion", because it uses the anonymous TOR network. Trend Micro reported another wave of ransomware called Crytoblocker, described as the potential successor to CryptoLocker, and Synology customers are now experiencing a targeted customized ransomware attack.
Security awareness training specialist KnowBe4’s CEO Stu Sjouwerman says "This new generation of CTB-Locker ransomware is likely originating from an eastern European country like Romania or the Ukraine as some of the first infections were seen in Russia. Russian cybercrime never hacks in Russia itself due to the likelihood of immediate arrests by Russian security services".
KnowBe4 lists five reasons why this new wave of ransomware threats is more dangerous than the first:
- CTB-Locker is the very first Windows ransomware that uses the TOR network for its command & control (c&c) servers which makes it much harder to shut down.
- Traffic between the malware that lives on the infected machine and its c&c servers is much harder to intercept.
- CTB-Locker encrypts files using little-used and super strong Elliptic Curve Diffie-Hellman cryptography which makes decrypting it yourself impossible.
- Compresses files before encrypting them.
- It was built as commercial crimeware, so it can be sold globally to other cybercriminals. The Bitcoin ransom can be specified, as can the extensions of the files that will be encrypted.
The best defense against ransomware is common sense -- don’t open suspicious email attachments without scanning them first, and don’t download programs from dubious sites. Regularly backing up your vital files to multiple locations (online and off) will ensure you’ll always have a copy of them even if ransomware does wreak havoc on your system.