Tuesday, 30 December 2014

CTB (Curve Tor Bitcoin) Locker Ransomware - Specifically Aimed at Dutch Internet Users

Critroni Malware
Researchers have discovered a new variant of a known ransomware family that is now specifically aimed at Dutch Internet users. It concerns CTB-Locker, which stands for Curve Tor Bitcoin; it first appeared in mid-July and encrypts files for ransom.

CTB-Locker, which Microsoft calls Critroni, stands out because of the methodology it uses. The ransomware communicates with infected computers over the Tor network. Instead of shipping and running the Tor.exe binary, as other malware does, the author of CTB-Locker compiled the Tor code directly into the ransomware itself.

The ransomware also takes a different path in the encryption it uses. Most ransomware uses a combination of AES and RSA to encrypt victims' files. CTB-Locker instead uses an asymmetric cryptographic protocol known as ECDH (Elliptic Curve Diffie-Hellman). Another new development, first seen with the CoinVault ransomware, is free decryption of files: where CoinVault lets victims decrypt one file for free, CTB-Locker decrypts five files for free.

Bitcoin Address
The ransomware is distributed through hacked WordPress sites. Malicious code placed on those websites exploits vulnerabilities in visitors' systems, although it is unknown exactly which vulnerabilities are used. If the attack succeeds, CTB-Locker is placed on the system and the ransomware encrypts the existing files. Security researcher 'JuK' of the blog Malware Don't Need Coffee discovered the latest version, which supports Italian alongside Dutch.

MD5: 10f0eaa794f48ad0b15034e0683cb15f

