Bitcoin Ransomware CTB-Locker on the Loose; Watch Spam Folders

For those of you who feel the need to check through every email you get, including everything that shows up in your dreaded spam folder, you might want to rethink your methods from here on out.

McAfee has issued a warning to users that a new form of bitcoin ransomware known as CTB-Locker is now being sent to personal computers through a spam campaign. While first identified in 2014, CTB, or “Curve Tor Bitcoin”, Locker is still a relatively new development, one that has made some of the affected users ask the same question: “What is bitcoin?”

The ransomware is a sneaky form of malware that encrypts specific files on victimized computers (JPEG images seem to be a popular target), forcing the owner in question to pay a bitcoin ransom if they want their files back.  Victims have up to four days to pay a total of three bitcoins (about $700 as of last Friday).

Christopher Budd, global threat communications manager for security software association Trend Micro, explained some of the company’s observations of the ransomware:

“We can only speculate on the criminals’ thinking for this feature, but ultimately changes in tactics are meant to maximize their return… We can only conclude that they view this sample decryption as increasing the likelihood someone affected will pay.  It can best be thought of as a ‘proof of life’ step in real life hostage situations… I wouldn’t say [the attackers have] elevated their game as much as are continuing to refine their tactics in order to maximize their returns… The best thing people can do regarding ransomware is to prevent infections in the first place… Running modern security packages and not opening unknown or unexpected attachments can best protect against ransomware infections.”

Images from McAfee.
