OphionLocker: Joining in the Ransomware Race

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

OphionLocker: Joining in the Ransomware Race
Botnet OphionLocker
Malware
Botnet/malware group
Exploit kits
Services
Feature Encrypt files
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2014 / 2014-12-12
Editor/Conference F-Secure
Link https://www.f-secure.com/weblog/archives/00002777.html (Archive copy)
Author
Type Blogpost

Abstract

Last August, we blogged about a series of Ransomware that included SynoLocker and CryptoWall. In our Cryptowall blogpost, we briefly mentioned the more advanced family of ransomware CTB-Locker, which uses elliptic curve cryptography for file encryption and Tor for communication with the command & control server.

This week, another ransomware emerged using the same cryptography for encryption. It was first spotted by Trojan7Malware from a malvertising campaign that used RIG exploit kit. They dubbed the malware as OphionLocker.

Upon infection, this malware uses a Tor2web URL for giving instructions on how to send the payment and obtain the decrpytor tool.

Bibtex

 @misc{empty2014BFR337,
   editor = {F-Secure},
   author = {},
   title = {OphionLocker: Joining in the Ransomware Race},
   date = {12},
   month = Dec,
   year = {2014},
   howpublished = {\url{https://www.f-secure.com/weblog/archives/00002777.html}},
 }