CryptoDefense ransomware can now be installed in ‘drive-by’ downloads

Data Jimmy Nicholls

10:21, May 28 2014


Hackers generously offer to decrypt one file free of charge.

A potent new type of ransomware can now be installed as people casually browse the web, in what are termed "drive-by" attacks.

CryptoDefense makes use of Java to install itself onto vulnerable systems without any action being taken by the recipient, a delivery system more dangerous than the email attachment method revealed by Symantec in March.

In a report, security firm Bromium Labs said: "With the widespread success and proliferation of such ransomware, it's obvious that traditional approaches to end user security are failing to offer countermeasures against this kind of threat."

Ransomware locks up a computer system by encrypting files, blackmailing the user by demanding payment in order for the system to be unlocked.

"The rate of new crypto malware attacks seems to be increasing. It appears to be a profitable business for the underground crimeware gangs," Bromium added.

Another report by Symantec revealed that 11,000 instances of the virus had been detected by the end of March, earning an estimated $34,000 for the crime gang responsible. Similar malware Cryptolocker was thought to have earnt $27m in bitcoins by the end of last year.

Bromium expect ransomware to become more prominent as time goes on, an impression partially justified given yesterday's reports of widespread ransomware among Apple customers in Australia.

Ransoms issued from CryptoDefense increase over time, with payment being demanded through Bitcoin. The malware also disables system restore, an advance over its rival Cryptolocker.

Victims are encouraged not to pay to have their systems unlocked, but instead to contact the support team of the system they are using. Bizarrely, the unlocking service offers to decrypt one file free of charge before you make a payment.

"It is worth to consider Isolation based security technologies that put a barrier between your real host computer and any malware of this nature," Bromium said.

Source: Company Press Release
