The dreaded Cryptolocker virus is still a threat, says Tyler Moffitt, a threat research analyst at security firm Webroot.
Cryptolocker is one of the most infamous recent forms of “ransomware” to have infected PC’s. It locks access to files, demanding a ransom payment of bitcoins to restore access. Understandably, Bitcoin is a preferred method of payment in order to grant anonymity to the attacker. Tor, which can make transactions somewhat anonymous, is another method.
In one string of infections, Israeli victims reached out to a local Bitcoin exchange to buy the bitcoins they desperately needed. The exchange reportedly took the liberty to waive fees and notify police on their behalf.
In a blog post titled “Cryptolocker is not dead”, Moffitt says that FBI claims of having neutralized the virus are dubious. The FBI previously claimed that “Cryptolocker has been neutralized by the disruption and cannot communicate with the infrastructure used to control the malicious software.” Moffitt explains:
FXTM Recruits Financial Broadcaster Han Tan to its Market Research TeamGo to article >>
“The reason why this claim should be scrutinized is because it is only the samples dropped on victims computers that communicated to those specific servers seized that are no longer a threat. All samples currently being deployed by different botnets that communicate to different command and control servers are unaffected by this siege…”
Malware authors can simply “rent” space from other botnet servers, and there are plenty available.
In addition, Moffitt says that malware authors have since built viruses more advanced than Cryptolocker, such as CryptoWall, New CryptoLocker, DirCrypt and CryptoDefense.
He points to several examples of Cryptolocker or its variant’s continued attacks. He also discussed some best practices on how to cope with them if you fall prey.