CryptoDefense could be a bigger threat than CryptoLocker
Only a couple of days ago we reported on the CryptoDefense ransomware conveniently leaving behind its decryption key.
But today Stu Sjouwerman, CEO of security training specialist KnowBe4, is warning that, flawed though it is, CryptoDefense represents a serious threat.
The ransomware targets text, pictures, video, PDF and Office files and encrypts them with a strong RSA-2048 key, which cannot realistically be broken without the private key. It also wipes out the Shadow Copies that many backup programs rely on, removing the easiest route to recovery. Together, this gives it the potential to cause major problems.
The cybercriminals behind CryptoDefense charge $500 in Bitcoin to unlock the system, rising to $1,000 if the victim fails to pay within the first four days.
"There is furious competition between cybergangs," says Sjouwerman. "They did their test-marketing in countries like the UK, Canada and Australia and are now targeting the US. CryptoDefense doesn't seem to be a derivative of CryptoLocker as the code is completely different, confirming this is a competing criminal gang."
The malware was at first installed through programs that pretended to be Flash updates or video players needed to view online footage. It has since moved on to a variety of phishing attacks in the form of emails carrying a zip file and directing recipients to "open the attached document", which has supposedly been "scanned and sent to you".
"It is obvious that this is a social engineering ploy and that effective security awareness training will prevent someone from opening these infected attachments when they make it through the filters (which they regularly do)," says Sjouwerman. "Once infected, the only way to fix this relatively fast is to make sure you have a recent backup of the files which actually can be restored. Even then, it can take several hours to restore the data."
Sjouwerman also points out that the flaw which left behind CryptoLocker’s key has almost certainly been fixed by now. You can find out more about how to avoid getting caught by ransomware on the KnowBe4 website.