OphionLocker: Joining in the Ransomware Race
Revision as of 14:21, 14 December 2014 by Eric.freyssinet (talk | contribs)
(Publication) Google search: [1]
| OphionLocker: Joining in the Ransomware Race | |
|---|---|
| Botnet | OphionLocker |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | Encrypt files |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2014 / 2014-12-12 |
| Editor/Conference | F-Secure |
| Link | https://www.f-secure.com/weblog/archives/00002777.html (Archive copy) |
| Author | |
| Type | Blogpost |
Abstract
“ Last August, we blogged about a series of Ransomware that included SynoLocker and CryptoWall. In our Cryptowall blogpost, we briefly mentioned the more advanced family of ransomware CTB-Locker, which uses elliptic curve cryptography for file encryption and Tor for communication with the command & control server.
This week, another ransomware emerged using the same cryptography for encryption. It was first spotted by Trojan7Malware from a malvertising campaign that used RIG exploit kit. They dubbed the malware as OphionLocker.
Upon infection, this malware uses a Tor2web URL for giving instructions on how to send the payment and obtain the decrpytor tool.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2014BFR337,
editor = {F-Secure},
author = {},
title = {OphionLocker: Joining in the Ransomware Race},
date = {12},
month = Dec,
year = {2014},
howpublished = {\url{https://www.f-secure.com/weblog/archives/00002777.html}},
}