

Q: What is CryptoLocker Ransomware?

Answer

(The content below comes from an article provided by US-CERT, the US Computer Emergency Readiness Team.)

US-CERT is aware of a malware campaign that surfaced in 2013 and is associated with an increasing number of ransomware infections. CryptoLocker is a new variant of ransomware that restricts access to infected computers and demands the victim provide a payment to the attackers in order to decrypt and recover their files. As of this time, the primary means of infection appears to be phishing emails containing malicious attachments.

Description

CryptoLocker appears to have been spreading through fake emails designed to mimic the look of legitimate businesses and through phony FedEx and UPS tracking notices. In addition, there have been reports that some victims saw the malware appear after a previous infection from one of several botnets frequently leveraged in the cyber-criminal underground.

The malware has the ability to find and encrypt files located within shared network drives, USB drives, external hard drives, network file shares and even some cloud storage drives. If one computer on a network becomes infected, mapped network drives could also become infected. CryptoLocker then connects to the attackers' command and control (C2) server to deposit the asymmetric private encryption key out of the victim's reach. Victim files are encrypted using asymmetric encryption. Asymmetric encryption uses two different keys for encrypting and decrypting messages.
