Critroni ransomware, also known as CTB-Locker, has made a comeback in 2015. It behaves much like the other crypto-ransomware families we have covered.
A quick summary of how these threats work:
There are many variations on this theme (Critroni, for example, lets the victim decrypt up to five files for free as proof that the attackers really hold the keys), and the details change constantly.
We covered this malware last summer; now it is back with a few changes:
The above information comes from the Security Intelligence Blog.
Once Critroni has encrypted a file, it cannot be decrypted without the private key, and only the attackers hold that key. There is no flaw in the encryption to exploit.
(Side note: some victims were able to decrypt files locked by Cryptolocker last year after law enforcement and security firms seized its command-and-control servers and recovered the key database. Nothing of the kind is expected for Critroni in the near future.)
In our eyes, paying the ransom is not an option. First, it might not work: nothing obliges the criminals to deliver a working key. Second, every payment funds the next campaign and perpetuates the problem.
Backing up your files and taking preventive measures are the best ways to combat this threat.
The only way to recover from a Critroni infection without paying the ransom is to remove the malware and restore your files from backup.
If you take one thing away from this post, make it this: back up your files. Now. A good backup can make the difference between an inconvenience and a disaster.
Operating your business without backups is like driving while blindfolded. One day you will crash. And it will hurt.
If you have backups and are infected, here’s what to do:
Backing up your files is one preventive measure. There are many others you can take to avoid infection:
Block – Critroni / CTB-Locker infections usually begin with a “.scr” file (a Windows screensaver, which is simply an executable with a different extension) compressed in a “.zip” or “.cab” archive, according to Société Générale CERT. If possible, block “.scr” files at the email gateway, including those hidden inside archives, and establish application and device control policies so that one which slips through cannot execute.
Patch – Keep operating systems, browsers and their plug-ins, antivirus and firmware up to date, and apply patches as soon as they become available.
Educate – Explain to users the dangers and warning signs of phishing emails and suspicious attachments.
Plan – Assume disaster is inevitable. Plan how you will respond.
Configure – Harden browser and email client settings so that drive-by (“forced”) downloads cannot run without explicit user action, and configure Windows to show file extensions so that a double extension such as invoice.pdf.scr is visible to the user.
Control – Use web filtering to control the sites users can access. Use egress or outbound traffic filtering to prevent connections to malicious hosts.
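The “Block” rule above is easy to state and easy to get wrong: a gateway that only looks at the attachment’s own name misses a .scr inside a zip, a .scr inside a zip inside a zip, and a double extension such as Invoice.pdf.SCR. The following Python script is an added example written for this post, not code from Société Générale CERT or from any product; it shows the check a gateway should make on zip attachments. The extension list beyond .scr, the nesting limit and the sample archives are assumptions constructed for the demonstration. Cabinet (.cab) archives are not handled because the Python standard library has no reader for them; a gateway should treat them like any other archive it cannot inspect and block them outright.

```python
from __future__ import annotations

import io
import zipfile
from pathlib import PurePosixPath

# Extensions the gateway rule refuses. The post names .scr (delivered inside
# .zip/.cab); the others are an ASSUMPTION added here: directly executable
# types that droppers commonly arrive as.
BLOCKED_EXTENSIONS = {".scr", ".exe", ".pif", ".com", ".cpl",
                      ".js", ".jse", ".vbs", ".wsf", ".bat", ".cmd"}
MAX_DEPTH = 3  # ASSUMED limit; deeper nesting is rejected outright


def is_blocked_name(name: str) -> bool:
    """True if the member name ends in a blocked extension.

    Compared case-insensitively (Windows treats INVOICE.SCR like invoice.scr)
    and on the LAST suffix only, so 'invoice.pdf.scr' is caught while a
    harmless 'report.scr.txt' is not.
    """
    return PurePosixPath(name).suffix.lower() in BLOCKED_EXTENSIONS


def find_blocked_members(archive_bytes: bytes, depth: int = 0, prefix: str = "") -> list[str]:
    """Return 'outer.zip/inner/file.scr'-style paths of members that would be blocked.

    Recurses into nested .zip members. Raises ValueError when nesting exceeds
    MAX_DEPTH or the data is not a zip, so the caller can fail closed instead
    of waving through an attachment it could not inspect.
    """
    if depth > MAX_DEPTH:
        raise ValueError(f"archive nesting deeper than {MAX_DEPTH} at {prefix!r}")
    try:
        zf = zipfile.ZipFile(io.BytesIO(archive_bytes))
    except zipfile.BadZipFile as exc:
        raise ValueError(f"not a valid zip at {prefix!r}: {exc}") from exc

    hits: list[str] = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            full = f"{prefix}/{info.filename}" if prefix else info.filename
            if is_blocked_name(info.filename):
                hits.append(full)
            elif PurePosixPath(info.filename).suffix.lower() == ".zip":
                hits.extend(find_blocked_members(zf.read(info), depth + 1, full))
    return hits


def should_block_attachment(filename: str, payload: bytes) -> bool:
    """Gateway decision for one attachment: True means reject the message."""
    if is_blocked_name(filename):
        return True
    if PurePosixPath(filename).suffix.lower() == ".zip":
        try:
            return bool(find_blocked_members(payload))
        except ValueError:
            return True  # fail closed: unparseable or absurdly nested archive
    return False


def build_zip(members: dict[str, bytes]) -> bytes:
    """Build a zip in memory from constructed sample data (no real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a double-extension .scr plus a nested zip hiding
# another .scr, a clean archive, and a truncated (corrupt) archive.
SAMPLE_MALICIOUS = build_zip({
    "Invoice_2015.pdf.SCR": b"MZ" + b"\x00" * 62,  # fake PE stub, not a real binary
    "readme.txt": b"please see attached",
    "more.zip": build_zip({"inner/update.scr": b"MZ"}),
})
SAMPLE_CLEAN = build_zip({"quarterly.xlsx": b"PK", "notes.txt": b"ok"})
SAMPLE_CORRUPT = SAMPLE_CLEAN[:10]

if __name__ == "__main__":
    print(find_blocked_members(SAMPLE_MALICIOUS))
    print(should_block_attachment("scan.zip", SAMPLE_CLEAN))
    print(should_block_attachment("scan.zip", SAMPLE_CORRUPT))
```

The two design points worth copying into a real gateway are that the rule fails closed (an archive that cannot be parsed, or that nests deeper than the limit, is rejected rather than delivered) and that only the final extension decides, since Windows launches a file by its last extension regardless of what comes before it.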
Crypto-ransomware is in fashion. Countless variants exist, differing in packaging and payment details but sharing the same core approach: encrypt files, set a deadline, and demand a ransom.
Whether you call it Cryptolocker, CryptoWall, or Critroni, the threat is here, and signature-based anti-virus software cannot reliably stay ahead of it. The criminals repack, alter and improve their code constantly.
So what do you do? In short, back up your files and focus on prevention.