CryptoLocker is temporarily disabled, users still at risk
Bitdefender warns that while CyptoLocker is currently disabled, it could come back to life at any moment. As such, users need to take precautions to protect against this threat.
The Trojan often comes bundled with spam messages, but the most effective vector is a secondary delivery mechanism that involves the GameOver Zeus botnet deploying CryptoLocker in a pay-per-install affiliation mechanism.
Catalin Cosoi, Chief Security Strategy at Bitdefender, states, “Zeus is a well-known and highly successful crimeware kit – the flat-pack furniture of the virus world. It is under constant development by several criminals or groups and new functionalities are constantly added. The skill bar to using it is unfortunately very low and getting lower by the day.”
Bitdefender advises that a number of machines are currently still infected with CryptoLocker that were not “activated” as the botnet disruption occurred before the locally-installed bot was able to exchange keys with the command-and-control centre and commence encryption. Most likely, these hosts will immediately become infected and lose access to their data.
“We urge users to perform an in-depth virus scan on their computers to detect and eliminate inactive instances of CryptoLocker before the encryption process starts or they risk losing some data,” adds Catalin Cosoi.
Bitdefender advises that while the fate of CryptoLocker is undetermined, other cyber-criminal groups are taking file-encrypted ransomware to a new level. An example is TorLocker, a commercial ransomware toolkit sold on underground forums as an affiliate program.
The number of ransomware-based families targeting Android has also increased in the past few months, and that the threat is not only becoming more prominent but more sophisticated as well.
Catalin Cosoi concludes, “We strongly urge users to pay extra attention to the resources they visit as well as to what they install on their computers. Software updates for third-party products such as Java, Adobe Reader or Flash should be deployed as soon as they become available. The use of an anti-malware solution would also be highly recommended.”