One of the most serious threats on the internet today is malicious software, commonly called malware. Malware, short for malicious software, is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. Much of the malware attackers build today is polymorphic or metamorphic: it changes its own code as it propagates, so that no two copies look alike to a signature-based scanner. Even so, the variants within a malware family share behavioural patterns that reflect their origin and purpose.

Ransomware is a type of malware that uses asymmetric encryption to hold a victim's data hostage for a ransom. Asymmetric (public-key) encryption uses a pair of keys: data encrypted with the public key can only be decrypted with the matching private key. The attacker generates a unique key pair for each victim; the public key is delivered to the victim's machine to encrypt files, while the private key needed to decrypt them is kept only on the attacker's server. The attacker releases the private key to the victim only after the ransom is paid, and recent ransomware campaigns show that even that is not guaranteed. Without the private key it is practically impossible to decrypt the files being held for ransom. CryptoLocker is propagated via infected email attachments and via exploit kits (EKs).

Background
CryptoLocker is ransomware that targets computers running Microsoft Windows; it is believed to have first been posted to the Internet on 5 September 2013. Attackers who previously distributed CryptoLocker through the Angler exploit kit have since moved to the Neutrino exploit kit. Neutrino is malicious code hosted on fraudulent websites or injected into legitimate websites that have been hacked, without the administrator's knowledge. The intention behind these code injections is to detect and exploit vulnerabilities in applications installed on the visitor's computer and use them to install malicious and unwanted software that compromises its security.

When activated, the ransomware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on a server controlled by the attacker. (The file contents themselves are encrypted with per-file symmetric AES keys, and each AES key is in turn encrypted with the victim's RSA public key; the effect is the same, since nothing can be recovered without the private key.) The ransomware then displays a message offering to decrypt the data if a ransom is paid, through either bitcoin or a pre-paid cash voucher, before a stated deadline, and threatening to delete the private key if the deadline passes. If the victim does not pay, the attacker deletes the private key. In some cases the attacker also offers decryption through an online service for a significantly higher price in bitcoin (at the time of writing, 1 bitcoin = INR 40335.59, about 604.93 US dollars).

Infection method
CryptoLocker uses multiple strategies to gain access to the victim's system. Vulnerabilities in software applications provide an easy route for infecting systems with CryptoLocker. Many exploit kits include ransomware and are actively used to attack systems. Exploit kits are malicious toolkits built to exploit security holes or vulnerabilities in software applications (Java, Adobe Reader, Adobe Flash and so on). These kits come with pre-written exploit code and target users running insecure or outdated software applications on their computers.

Ransomware can also enter a system through a lack of strict compliance rules within an organisation. For example, leaving the auto-run option for USB drives enabled can easily be exploited by an attacker to execute ransomware. On Windows this is controlled by the NoDriveTypeAutoRun policy value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer; setting it to 0xFF disables AutoRun on every drive type.

Another common strategy ransomware uses to gain access to systems is e-mail. CryptoLocker was distributed through spam emails targeting business professionals. The lure was often a "consumer complaint" against the email recipient or their organisation, an invoice for a purchase the victim never made, or a mail from "HR" about a salary hike. Attached to these emails was a ZIP archive with a random alphabetical filename of 13 to 17 characters. The archive contained a single executable with the same filename as the ZIP archive but with an .exe extension. Only the first character of the filename is capitalised.

Execution and persistence
CryptoLocker hides its presence from the victim until it has successfully contacted a command and control (C&C) server and encrypted the files located on connected drives.

**Note:** The file names will be random.
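The key-handling model described in the introduction (a per-victim key pair, public key on the victim's machine, private key only on the attacker's server) and the encryption behaviour described under Background are worked through below as an added example in Go. It is illustration code written for this page, not CryptoLocker's code or anything from the original article; the names `AttackerKeyPair`, `EncryptFile`, `DecryptFile` and `Envelope` are assumptions, as is the sample file content. It uses AES-256-GCM for the file body and RSA-OAEP to wrap the AES key, which is the hybrid construction the text describes, and shows why holding a second key pair, or only the public key, does not get the data back.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what a hypothetical ransomware client would leave on disk in
// place of each original file: the AES key wrapped with the victim's RSA
// public key, plus the AES-GCM nonce and ciphertext. No plaintext key is kept.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// AttackerKeyPair models the per-victim key pair generated on the attacker's
// server. Only the PublicKey field ever travels to the victim's machine.
func AttackerKeyPair(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// EncryptFile is the client side: a fresh random AES-256 key per file,
// AES-GCM for the content, RSA-OAEP (SHA-256) to wrap the key.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	// The client discards the plaintext AES key; from here on only the
	// holder of the matching RSA private key can recover it.
	for i := range key {
		key[i] = 0
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// DecryptFile is what the attacker's "decryption service" does after payment:
// unwrap the AES key with the private key, then open the GCM ciphertext.
// With any other private key the OAEP unwrap fails and nothing is recovered.
func DecryptFile(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap AES key: %w", err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	victim, _ := AttackerKeyPair(2048) // this victim's pair, held on the C&C
	other, _ := AttackerKeyPair(2048)  // some other victim's pair
	doc := []byte("Q3 invoices: constructed sample file content")

	env, _ := EncryptFile(&victim.PublicKey, doc)
	fmt.Println("plaintext visible in envelope:", bytes.Contains(env.Ciphertext, doc))

	if got, err := DecryptFile(victim, env); err == nil {
		fmt.Printf("right private key: %q\n", got)
	}
	if _, err := DecryptFile(other, env); err != nil {
		fmt.Println("wrong private key:", err)
	}
}
```

The point to take from the example is operational rather than cryptographic: the only material on the victim's disk is the public key and the wrapped keys, so recovery has to come from backups or from a seized C&C key database, not from the encrypted files themselves.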
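The mail lure described under Infection method (a ZIP with a 13 to 17 letter name, first letter capitalised, holding one executable with the same name) is specific enough to screen for at a mail gateway. The Go program below is an added example written for this page, not a tool from the original article; `ScreenAttachment`, `Verdict`, `BuildSampleZip` and the sample attachment names are assumptions, and the ZIP files it inspects are constructed in memory. It flags any archive whose only member is an executable and records the naming traits as additional reasons, so that a benign archive with an unusual name is not blocked on the name alone.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Verdict is the result of screening one attachment.
type Verdict struct {
	Suspicious bool
	Reasons    []string
}

// lureName matches the archive names the campaign used: 13 to 17 letters,
// only the first one capitalised.
var lureName = regexp.MustCompile(`^[A-Z][a-z]{12,16}$`)

// stripExt returns the name without its extension and the lower-cased extension.
func stripExt(name string) (string, string) {
	ext := path.Ext(name)
	return strings.TrimSuffix(name, ext), strings.ToLower(ext)
}

// ScreenAttachment inspects a ZIP attachment (file name plus raw bytes).
// A single executable inside the archive is enough to flag it; the naming
// traits from the campaign are appended as extra reasons for the analyst.
func ScreenAttachment(zipName string, data []byte) (Verdict, error) {
	var v Verdict
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return v, fmt.Errorf("%s: not a readable ZIP: %w", zipName, err)
	}
	base, _ := stripExt(zipName)
	if lureName.MatchString(base) {
		v.Reasons = append(v.Reasons, "archive name is 13-17 letters with only the first capitalised")
	}
	if len(r.File) == 1 {
		memberBase, memberExt := stripExt(r.File[0].Name)
		if memberExt == ".exe" {
			v.Suspicious = true
			v.Reasons = append(v.Reasons, "archive contains a single executable")
			if memberBase == base {
				v.Reasons = append(v.Reasons, "executable carries the archive's own name")
			}
		}
	}
	return v, nil
}

// BuildSampleZip constructs an in-memory ZIP with one member. It exists only
// to fabricate test attachments for this example.
func BuildSampleZip(memberName string, content []byte) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	f, err := w.Create(memberName)
	if err != nil {
		panic(err)
	}
	if _, err := f.Write(content); err != nil {
		panic(err)
	}
	if err := w.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	// Constructed samples: one shaped like the lure, one ordinary invoice PDF.
	samples := map[string][]byte{
		"Djeiksuertlapw.zip": BuildSampleZip("Djeiksuertlapw.exe", []byte("MZ constructed")),
		"Invoice_092013.zip": BuildSampleZip("invoice.pdf", []byte("%PDF constructed")),
	}
	for name, data := range samples {
		v, err := ScreenAttachment(name, data)
		if err != nil {
			fmt.Println(err)
			continue
		}
		fmt.Printf("%s suspicious=%v reasons=%v\n", name, v.Suspicious, v.Reasons)
	}
}
```

The rule is deliberately narrow to the traits the page describes; an attacker who adds a second decoy member or renames the executable inside the archive slips past the `len(r.File) == 1` check, so in production it belongs beside a general executable-in-archive block rather than in place of one.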