CryptoDefense ransomware can now be installed in ‘drive-by’ downloads


by Jimmy Nicholls| 28 May 2014

Hackers generously offer to decrypt one file free of charge.

A potent new strain of ransomware can now be installed as people casually browse the web, in what are termed "drive-by" attacks, it has been revealed.

CryptoDefense uses Java to install itself on vulnerable systems without any action from the victim, a delivery method more dangerous than the email-attachment route Symantec described in March.

In a report, security firm Bromium Labs said: "With the widespread success and proliferation of such ransomware, it's obvious that traditional approaches to end user security are failing to offer countermeasures against this kind of threat."

Ransomware locks up a computer system by encrypting files, blackmailing the user by demanding payment in order for the system to be unlocked.

"The rate of new crypto malware attacks seems to be increasing. It appears to be a profitable business for the underground crimeware gangs," Bromium added.

A separate report by Symantec revealed that 11,000 instances of the malware had been detected by the end of March, earning an estimated $34,000 for the crime gang responsible. The similar CryptoLocker malware was thought to have earned $27m in bitcoins by the end of last year.

Bromium expects ransomware to become more prominent over time, an expectation partly borne out by yesterday's reports of widespread ransomware among Apple customers in Australia.

The ransom CryptoDefense demands increases over time, with payment required in Bitcoin. The malware also disables System Restore, an advance over its rival CryptoLocker.

Victims are advised not to pay to have their systems unlocked, but instead to contact the support team for the system they are using. Bizarrely, the criminals' unlocking service offers to decrypt one file free of charge before any payment is made.

"It is worth considering isolation-based security technologies that put a barrier between your real host computer and any malware of this nature," Bromium said.
