Yet more encryption blackmail ware

A third criminal ransomware gang is ramping up its attacks. The malware is called CryptorBit (also known as HowDecrypt) and follows an attack process very similar to CryptoLocker and CryptoDefense, but it corrupts the first 512 or 1024 bytes of any data file it finds, regardless of extension. It also appears able to bypass Group Policy settings that were put in place to defend against this type of ransomware infection.
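Because the post states that CryptorBit damages only the first 512 or 1024 bytes of a file, regardless of extension, a defender triaging a suspected infection can look for files whose expected format signature is gone and whose header looks random while the rest of the file still looks like ordinary content. The Python script below is an added example for that check; it is not code from the original post and not CryptorBit's own code. The magic-byte table, the 7.0 / 6.0 entropy thresholds, the `HEADER_LEN` choice and the in-memory sample files are assumptions and constructed test data, not values taken from the page.

```python
import math
import os

# Well-known format signatures for a few common file types (assumed table, extend as needed).
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".docx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
}

# The post says the first 512 or 1024 bytes are overwritten; 512 is the smaller, stricter window.
HEADER_LEN = 512
HEAD_ENTROPY_MIN = 7.0   # assumed: a 512-byte window this random is unlike any structured header
BODY_ENTROPY_MAX = 6.0   # assumed: text/office markup sits well below this


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the given buffer (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def classify(name: str, data: bytes) -> list:
    """Return a list of reasons a file looks header-corrupted; empty list means no finding."""
    reasons = []
    expected = MAGIC.get(os.path.splitext(name)[1].lower())
    if expected is not None and not data.startswith(expected):
        reasons.append(f"magic mismatch: expected {expected!r}")
    head, tail = data[:HEADER_LEN], data[HEADER_LEN:]
    # Only fire the entropy rule when the rest of the file is clearly not compressed/encrypted,
    # otherwise intact zip/docx/jpeg files would be reported as damaged.
    if tail and shannon_entropy(head) > HEAD_ENTROPY_MIN and shannon_entropy(tail) < BODY_ENTROPY_MAX:
        reasons.append("high-entropy header over low-entropy body")
    return reasons


def scan(files: dict) -> dict:
    """files: {name: bytes}. Returns {name: reasons} for every file with at least one finding."""
    findings = {}
    for name, data in files.items():
        reasons = classify(name, data)
        if reasons:
            findings[name] = reasons
    return findings


def scan_paths(paths, read_limit=4 * HEADER_LEN) -> dict:
    """Same check against real files on disk, reading only the first read_limit bytes of each."""
    files = {}
    for path in paths:
        with open(path, "rb") as fh:
            files[path] = fh.read(read_limit)
    return scan(files)


def build_samples() -> dict:
    """Constructed in-memory sample files (not real victim data)."""
    body = b"1 0 obj\n<< /Type /Catalog >>\nendobj\n" * 40          # ~1.4 KB of low-entropy content
    # Deterministic stand-in for an overwritten header: every byte value appears exactly twice.
    overwritten = bytes((i * 73 + 19) % 256 for i in range(HEADER_LEN))
    intact_pdf = b"%PDF-1.4\n" + body
    return {
        "report_intact.pdf": intact_pdf,
        "report_damaged.pdf": overwritten + intact_pdf[HEADER_LEN:],
        "notes_damaged.txt": overwritten + body,   # no magic entry for .txt, caught by entropy only
        "notes_intact.txt": body,
    }


if __name__ == "__main__":
    for name, reasons in scan(build_samples()).items():
        print(name, "->", "; ".join(reasons))
```

Run it as-is to see the two constructed damaged files flagged; point `scan_paths()` at a share or user profile to triage real files. The entropy rule is deliberately conditional on a low-entropy body, so genuinely compressed formats are judged by their signature alone, and a file shorter than `HEADER_LEN` is judged only by its signature.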

Infections with this recent CryptorBit strain are on the rise, and once a user's files are encrypted, a ransom of up to $500 in bitcoin is demanded to decrypt them. It was initially released in December 2013, and after the gang debugged its criminal infrastructure, attacks are now increasing.

To add insult to injury, the cybercriminals are also installing so-called cryptocoin miner software, which uses the victim's computer to mine digital coins such as Bitcoin; the coins are deposited in the malware developer's digital wallet, making them even more money. The gang uses social engineering to get the end user to install the ransomware, via a fake Flash update or a rogue antivirus product.

Once the workstation is infected, the criminals want you to install the Tor Browser, enter their address, and follow the instructions on their website on how to pay. They leave a friendly reminder that the sooner you pay, the better your chance to "recover the files". Once you pay, you supposedly get their CryptorBit Decryptor program. Judging by the payments sent to known CryptorBit Bitcoin addresses, quite a few people appear to have paid the ransom.
