New crypto-ransomware emerge in the wild

From Botnets.fr


Botnet Cryptoblocker, Critroni
Date 2014 / 2014 07 31
Editor/Conference Trend Micro
Link http://blog.trendmicro.com/trendlabs-security-intelligence/new-crypto-ransomware-emerge-in-the-wild/ (Archive copy)
Author Eduardo Altares II
Type Blogpost

Abstract

Just like other ransomware variants, the Cryptoblocker malware, detected as TROJ_CRYPTFILE.SM, will encrypt files for a specific amount. However, this particular variant has certain restrictions. For one, it will not infect files larger than 100MB in size. Additionally, it will also skip files found in the folders C:\WINDOWS, C:\PROGRAM FILES, and C:\PROGRAM FILES (X86).

And unlike other ransomware variants, Cryptoblocker will not drop any text files instructing the victim on how to decrypt the files. Rather, it displays the dialog box below. Entering a transaction ID in the text box will trigger a message stating that the “transaction was sent and will be verified soon.”

Bibtex

 @misc{2014BFR1391,
   editor = {Trend Micro},
   author = {Eduardo Altares II},
   title = {New crypto-ransomware emerge in the wild},
   date = {2014-07-31},
   month = jul,
   year = {2014},
   howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/new-crypto-ransomware-emerge-in-the-wild/}},
 }