![]() ![]() Then, it encrypts the random key using an asymmetric public-private key encryption algorithm (RSA) and keys of over 1024 bits (we’ve seen samples that used 2048-bit keys), and adds it to the encrypted file. ![]() The Trojan generates a random symmetric key for each file it encrypts, and encrypts the file’s content with the AES algorithm, using that key. Spawns two processes of itself: One is the main process, whereas the other aims to protect the main process against termination.Adds a key to the registry to make sure it runs every time the computer starts up.Saves itself to a folder in the user’s profile (AppData, LocalAppData).EXE extension of the malicious file.Īs soon as the victim runs it, the Trojan goes memory resident on the computer and takes the following actions: CryptoLocker takes advantage of Windows’ default behavior of hiding the extension from file names to disguise the real. ![]() The Trojan gets run when the user opens the attached ZIP file, by entering the password included in the message, and attempts to open the PDF it contains. More specifically, the victim receives an email with a password-protected ZIP file purporting to be from a logistics company. However, unlike the Police Virus, CryptoLocker hijacks users’ documents and asks them to pay a ransom (with a time limit to send the payment).ĬryptoLocker uses social engineering techniques to trick the user into running it. This continues the trend started by another infamous piece of malware which also extorts its victims, the so-called ‘ Police Virus’, which asks users to pay a ‘fine’ to unlock their computers. CryptoLocker is a family of ransomware whose business model (yes, malware is a business to some!) is based on extorting money from users.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |