WARNING! There is a new ransomware on the block
With great power comes great responsibility! However, it is unfortunate that cybercriminals are leveraging upon the power of bitcoin (especially anonymity and ease of transfer) for all the wrong purposes. Recently many computers around the world were targeted by multiple ransomware.
These ransomware – TorrentLocker, CTB-Locker and the latest TeslaCrypt enters the computer through infected files that the user might have downloaded as an email attachment or a software patch/ plugin. Once written to disk, they gain access to stored data to render them inaccessible by encrypting them.
Once data is compromised, the cybercriminals hold it hostage and demand ransom from their victims. These ransomware required the victims to pay ransom in bitcoin. The ransom so far has ranged between one BTC and four BTCs.
Now, there is another threat by the name Cryptofortress. Security researchers recently discovered this ransomware after it attacked computers in Australia. Initially it was thought to be an updated version of TorrentLocker as they both share the same source code for webpages and ransom note. Up on further analysis, combined with inputs from Cryptofortress’ victims they concluded that it is in fact a new strain of ransomware.
Cryptofortress uses AES-256 encryption in ECB mode and communicates with the command and control server through Tor. Once the ransomware identifies supported files on the host computer, it makes a copy of them with .frtress extension until the encryption process is compete. Once encrypted, it will restore the file to its original name rendering it unusable without decryption.
Similarly, TeslaCrypt is targeting gamers. Even it uses an AES encryption method to encrypt about 200 different file formats, out of which over 50 are game related. Emsisoft, a computer security company, discovered TeslaCrypt last month. The files encrypted by TeslaCrypt will have .ecc extension and the victim are demanded to pay a ransom of 1.5 BTC or $1000 equivalent in two PayPal My Cash cards to decrypt the affected files.
Once the data is encrypted by a ransomware, it is as good as lost without the decryption key. This leaves the victim with two options; either pay the ransom (and hope for the perpetrator to give the key) or perform a system restore and lose the encrypted data forever. Even if someone pays the ransom, there is no guarantee that the person will get his decryption key. Hence, it is always advisable to maintain an offline backup of all the important data to prevent losses under such circumstances.