Difference between revisions of "New crypto-ransomware emerge in the wild"
Revision as of 16:30, 7 February 2015
(Publication) Google search: [1]
New crypto-ransomware emerge in the wild | |
---|---|
Botnet | Cryptoblocker, Critroni |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2014 / 2014 07 31 |
Editor/Conference | Trend Micro |
Link | http://blog.trendmicro.com/trendlabs-security-intelligence/new-crypto-ransomware-emerge-in-the-wild/ (blog.trendmicro.com; archive copy) |
Author | Eduardo Altares II |
Type | Blogpost |
Abstract
“Just like other ransomware variants, the Cryptoblocker malware, detected as TROJ_CRYPTFILE.SM, will encrypt files for a specific amount. However, this particular variant has certain restrictions. For one, it will not infect files larger than 100MB in size. Additionally, it will also skip files found in the folders C:\WINDOWS, C:\PROGRAM FILES, and C:\PROGRAM FILES (X86).
And unlike other ransomware variants, Cryptoblocker will not drop any text files instructing the victim on how to decrypt the files. Rather, it displays the dialog box below. Entering a transaction ID in the text box will trigger a message stating that the “transaction was sent and will be verified soon.””
Bibtex
@misc{2014BFR1391,
  editor = {Trend Micro},
  author = {Eduardo Altares II},
  title = {New crypto-ransomware emerge in the wild},
  date = {2014-07-31},
  month = jul,
  year = {2014},
  howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/new-crypto-ransomware-emerge-in-the-wild/}},
}