Why CryptoLocker might not be dead and buried


by Jimmy Nicholls | 21 July 2014

A security researcher has disputed the FBI's claim to have ‘neutralised’ the virus.

CryptoLocker ransomware is alive and well despite the FBI's recent claim that "nearly all" computers infected by its botnet had been freed from criminal control, according to the security firm Webroot.

The company has warned that the public are still vulnerable to extortion through ransomware distributed by other botnets, including CryptoWall, New CryptoLocker, DirCrypt and CryptoDefense.

Tyler Moffitt, threat research analyst at Webroot, said: "While seizing the majority of the Gameover Zeus botnets from the suspected 'mastermind' Evgeniy Bogachev was a big impact to the number of computers infected with Gameover Zeus - about a 31% decrease - it's a very bold claim to state that CryptoLocker has been 'neutralised'.

"Although Evgeniy Bogachev and his group had control of a major chunk of Zeus botnets and command and control servers that deployed CryptoLocker, it was certainly not all or even the majority of Zeus botnets in existence."

International police took down the Gameover Zeus (GOZeuS) botnet responsible for distributing CryptoLocker in May, disrupting a virus which encrypts users' files before demanding payment to decrypt them.

Following the takedown, the public was warned it had a two-week period in which to patch computers and prepare for the resurgence of CryptoLocker, which earlier this month was said by the FBI to be "effectively non-functional and unable to encrypt newly infected computers".

"The best way to stay protected from attacks like this is to utilize backups to either the cloud or offline external storage," Moffitt added.

Victims can now be required to install an encrypted browser to pay the ransoms, allowing authors to skip middlemen and increase profits.
