Cryptolocker – as active as ever!

The Cryptolocker threat was detected several years ago, but there is no sign that it is about to stop its activity and let other viruses dominate.

You can still end up downloading Cryptolocker without realising it, because it is mainly spread through seemingly harmless email messages.

Once a machine is infected, Cryptolocker targets files with all of the extensions below and holds them for ransom:

3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx.

As you can see, this list is full of widely used file types, such as doc, xls and similar.
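One defensive use of this extension list, as an added example that is not part of the original article: the Python sketch below walks a folder, finds the files Cryptolocker would target, and reports those with no backup copy or with a backup older than the original. The function names and the assumption that the backup folder mirrors the source folder's relative paths are ours.

```python
import os
import sys

# Extensions copied from the list in the article above.
TARGETED = set("""
3fr accdb ai arw bay cdr cer cr2 crt crw dbf dcr der dng doc docm docx dwg dxf
dxg eps erf indd jpe jpg kdc mdb mdf mef mrw nef nrw odb odm odp ods odt orf
p12 p7b p7c pdd pef pem pfx ppt pptm pptx psd pst ptx r3d raf raw rtf rw2 rwl
srf srw wb2 wpd wps xlk xls xlsb xlsm xlsx
""".split())


def targeted_files(root):
    """Yield paths (relative to root) whose extension is on the targeted list."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Compare case-insensitively: REPORT.DOCX is as exposed as report.docx.
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            if ext in TARGETED:
                yield os.path.relpath(os.path.join(dirpath, name), root)


def unprotected(root, backup_root):
    """Return (missing, stale) lists of targeted files under root.

    missing: no file at the same relative path under backup_root.
    stale:   a backup exists but is older than the original.
    Assumption: the backup mirrors the source tree's relative paths.
    """
    missing, stale = [], []
    for rel in targeted_files(root):
        src = os.path.join(root, rel)
        dst = os.path.join(backup_root, rel)
        if not os.path.isfile(dst):
            missing.append(rel)
        elif os.path.getmtime(dst) < os.path.getmtime(src):
            stale.append(rel)
    return sorted(missing), sorted(stale)


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python audit.py <folder-to-check> <backup-folder>
    missing, stale = unprotected(sys.argv[1], sys.argv[2])
    for rel in missing:
        print("NO BACKUP   ", rel)
    for rel in stale:
        print("STALE BACKUP", rel)
```

Because ransomware can also encrypt any backup location it can write to, point the second argument at a copy held offline or on storage the workstation cannot modify.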

According to experts, the Cryptolocker virus is spread using official-looking emails, fake pop-ups, and similar techniques. A recent example is an email that looks like it comes from Australia Post.

In this digital age, users must be naturally suspicious of emails with attachments. If you are not expecting anything, permanently delete the email.

There is also a growing number of Cryptolocker variants making their way around the world. They include the following:

  • Crypt0L0cker Virus
    This is one of the file-encrypting ransomware families capable of infiltrating computers through fake Java updates or infected email attachments.
  • CryptoLocker-v3
    CryptoLocker-v3 ransomware is downloaded when you click on a fake pop-up that says you need to update Java or Flash Player. Once infected, you can expect it to block most of your files.
  • Cryptographic Locker
    Cryptographic Locker is very similar to CryptoLocker ransomware. It shows the victim which files were encrypted and asks for 0.2 BTC in exchange for the decryption key needed to recover the files. This ransom is equal to $100.
  • PCLock ransomware
    PCLock is a dangerous threat that asks for 1 bitcoin (or $300) within 72 hours to unblock the files. Fortunately, it is not as aggressive as the original CryptoLocker version, so you should be able to eliminate it with the help of your IT provider.
  • CryptoTorLocker2015
    CryptoTorLocker2015 is not limited to infecting Windows. It can also infiltrate Android and block the device. If the device is filled with precious photos or business documents, you can lose them. Fortunately, uninstalling the affected application that was used to download the CryptoTorLocker virus can help you remove it from your device. You should also restore your files from backups to start using them again.

For more information on how we can support your security needs, call your local TCT Office today.

Robert Brown
22/07/2016
