In some cases, the malware has been coupled with ZeuS

Oct 22, 2013 13:02 GMT  ·  By

CryptoLocker is one of the most dangerous pieces of ransomware currently doing the rounds. That’s because it encrypts certain files and holds them hostage until the victim agrees to pay up.

Trend Micro researchers have been analyzing the threat and they’ve uncovered some interesting things.

First of all, the malware appears to be distributed via spam campaigns. One of the emails analyzed by Trend Micro appears to be a complaint report coming from Dun & Bradstreet.

“Dun & Bradstreet has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer’s concern are included on the reverse. Please review this matter and advise us of your position,” the malicious emails read.

The file attached to the notification is a downloader detected as TROJ_UPATRE. Once it lands on a device, it downloads a version of CryptoLocker and a version of ZeuS, the notorious data-stealing malware.

This means that the cybercriminals can make a serious profit from each of the victims. Since there’s currently no way of getting your data back without paying, many victims might choose to pay the $300 (€220) ransom.

Furthermore, the information stolen by ZeuS can be monetized in various ways, including by selling it on the underground market or by using it to access bank accounts.

A few days ago, AlienVault experts also reported seeing a variant that accepted Bitcoin as payment of the ransom.

The best way to protect yourself against CryptoLocker is to avoid opening files or links contained in unsolicited emails. Also, make sure a comprehensive security solution is running on your computer.

As Trend Micro experts highlight, CryptoLocker needs to connect to certain URLs in order to retrieve the public key it uses to encrypt the files. Since antiviruses usually block malware from communicating with its command and control server, the threat will not be able to hijack your files if that connection is stopped.
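The key flow described above, as an added toy model (not code from the article or from Trend Micro): a tiny textbook RSA key pair stands in for the attacker's real key, a hostname placeholder stands in for the C2 URL, and an egress allowlist stands in for the security product. It shows why the key fetch is a chokepoint (no key, no encryption) and why recovery needs a private key the victim never holds.

```python
"""Toy model of the CryptoLocker key flow (added example, assumptions labelled).

Assumed, not from the article: the fixed tiny RSA primes, the placeholder C2
hostname, and the allowlist-based egress filter. Key sizes are illustrative only.
"""
import secrets

# --- toy RSA with small, constructed primes: illustration only, not real security ---
P, Q = 1000003, 1000033          # constructed primes (assumption)
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)              # modular inverse (Python 3.8+)
ATTACKER_PUBLIC_KEY = (N, E)     # what the malware retrieves from its C2 URL
ATTACKER_PRIVATE_KEY = (N, D)    # never leaves the attacker's server

C2_HOST = "c2.example.invalid"   # placeholder, not a real CryptoLocker domain


def egress_allowed(host, allowlist):
    """Stand-in for the security product's outbound connection filter."""
    return host in allowlist


def fetch_public_key(host, allowlist):
    """Return the attacker's public key only if the C2 connection is permitted."""
    if not egress_allowed(host, allowlist):
        return None
    return ATTACKER_PUBLIC_KEY


def xor_stream(data, key):
    """Toy symmetric step keyed by the per-file integer key (not a real cipher)."""
    key_bytes = key.to_bytes(16, "big")
    return bytes(b ^ key_bytes[i % 16] for i, b in enumerate(data))


def lock_file(plaintext, public_key):
    """Hybrid scheme: random per-file key, wrapped with the attacker's RSA public key.

    Returns None when no public key is available, i.e. the C2 fetch was blocked.
    """
    if public_key is None:
        return None
    n, e = public_key
    file_key = secrets.randbelow(n - 2) + 1   # 1 <= file_key < n-1, fits in 16 bytes
    wrapped_key = pow(file_key, e, n)         # only the private key can unwrap this
    return wrapped_key, xor_stream(plaintext, file_key)


def unlock_file(locked, private_key):
    """Recovery path: needs the private exponent, which only the attacker holds."""
    n, d = private_key
    wrapped_key, ciphertext = locked
    file_key = pow(wrapped_key, d, n)
    return xor_stream(ciphertext, file_key)


def simulate(allowlist, plaintext=b"constructed sample: quarterly-report.docx"):
    """Run the flow once under a given egress policy and report what happened."""
    key = fetch_public_key(C2_HOST, allowlist)
    locked = lock_file(plaintext, key)
    if locked is None:
        return {"encrypted": False, "private_key_recovers": None}
    changed = locked[1] != plaintext
    return {
        "encrypted": changed,
        "private_key_recovers": unlock_file(locked, ATTACKER_PRIVATE_KEY) == plaintext,
    }


if __name__ == "__main__":
    print("C2 blocked: ", simulate(allowlist=set()))
    print("C2 reachable:", simulate(allowlist={C2_HOST}))
```

With the C2 host absent from the allowlist the fetch returns nothing and no file is touched, which is the defensive effect the article attributes to blocking command and control traffic; with it reachable, the file is locked and only the attacker-held private key restores it, which is why offline backups rather than decryption attempts are the practical recovery route.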