Cryptolocker may have lost the crown, but there is an army of variants trying to encrypt your client’s files and claim the throne as King of all Ransomware.
Cryptolocker rocketed to prominence in late 2013, encrypting files on victims’ computers and demanding payment in Bitcoins to unlock them. The ransomware extorted up to $30 million from victims in 100 days, according to one estimate.
Last month, the U.S. Justice Department announced the seizure of computer servers central to Cryptolocker’s operation. In court documents, government attorneys reported on July 11 that Cryptolocker’s infrastructure is “dismantled” and “no longer capable of encrypting newly infected computers.”
At least one security researcher, Tyler Moffit of Webroot, says it is not time to bust out the party hats. He notes in his recent post, “Cryptolocker is not dead”:
“It is only the samples dropped on victims’ computers that communicated to those specific servers seized that are no longer a threat. All samples currently being deployed by different botnets that communicate to different command and control servers are unaffected by this siege – the majority of encrypting ransomware.”
What this means: the old Cryptolocker is dead, but a new variant could rise from the grave. Even if Cryptolocker returns, it could find another brand of ransomware sitting on its throne.
Critroni is a similar type of ransomware that went on sale in underground forums in June, according to Infosecurity, just days after the Department of Justice announced its takedown of Cryptolocker.
Critroni is also called CTB-locker for Curve/Tor/Bitcoin. As with Cryptolocker, Critroni encrypts files on a victim’s computer and demands a payment in Bitcoins to decrypt them.
Critroni is one of hundreds of thousands – if not millions – of ransomware variants. Rather than playing malware whack-a-mole, IT providers should protect their clients by securing their networks from a broad range of threats before they strike.
Here are helpful tips on how to prevent and mitigate exposure to Cryptolocker from our blog post on the topic: