Panda Security Mediacenter

2015, the year of Cryptolocker


At the end of 2013 the first signs were spotted of what would eventually become one of the most lucrative attacks for cybercriminals. Cryptolocker is the name of the best-known ransomware family, and it has ended up being used as a generic name for all threats of this type.

The threat always works on the same, simple premise: it encrypts the victim's documents and demands a ransom in exchange for the key needed to decrypt them.

The attackers usually geo-locate the victim's IP address so that the message containing the payment instructions is displayed in the language of the corresponding country. Payment has to be made in Bitcoin, and all contact with the cybercriminals is carried out through Tor, which helps them stay out of reach of the authorities.

These attacks became more and more popular throughout 2014, starting out with isolated attacks on individuals before turning towards corporations, which proved far more rewarding: the encrypted information was worth much more to the victim, and the ransom (usually around €300) was spare change to the majority of businesses.

In 2015 we have seen how they have fine-tuned the attacks to try to overcome any defenses that were put in their way.

How to protect against Cryptolocker

As regards protecting ourselves, we must remember that Cryptolocker has different "needs" compared to traditional malware. It isn't persistent: once the documents are encrypted it doesn't need to remain on the system and, in fact, some variants delete themselves. And it doesn't care whether an antivirus eventually detects it; all that matters is that it can carry out the encryption before being detected, since detection at any time after that makes no difference to the victim.

Traditional signature-based detection is now of little use, because before launching a campaign the attackers check that these technologies can't detect the sample, and repackage it to evade them if they can. Behavioral analysis also fails to detect what it does in the majority of cases, as the malware usually injects itself into legitimate system processes and encrypts the files from there, so that the activity looks like normal file operations carried out by a trusted program.

Only a system that monitors everything that runs on the computer, such as Panda Adaptive Defense 360, can stop these attacks in time, before they put our documents at risk.
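The two paragraphs above describe why signature matching and process-name-based heuristics miss this kind of attack: the sample is pre-tested against antivirus engines, and the encryption is performed from inside a trusted process. The following script is an added example, not Panda's code and not a description of how Adaptive Defense 360 works. It shows one behavioral check that does not depend on either the sample's hash or the process name: it watches a stream of file-write events and flags any process that rewrites many distinct user documents with high-entropy (encrypted-looking) content within a short window. The event format, the thresholds, the process names and the file paths are all assumptions made for illustration, and the event log is constructed inline rather than captured from a real system.

```python
"""Toy behavioral ransomware detector over a constructed file-event stream.

Added example, not Panda's code. Assumes a hypothetical telemetry format in
which each event is (timestamp_seconds, pid, process_name, path, bytes_written).
The detector flags a process that rewrites many distinct documents with
high-entropy data in a short window, regardless of how trusted its name is.
"""
from collections import defaultdict, deque
from math import log2
import os
import random

DOC_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt"}  # assumed "user document" set
WINDOW_SECONDS = 10.0      # sliding window per process
MIN_DISTINCT_FILES = 20    # distinct documents rewritten inside the window
ENTROPY_THRESHOLD = 7.5    # bits/byte; encrypted or compressed data approaches 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or single-valued input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * log2(c / n) for c in counts if c)


class RewriteDetector:
    """Per-process sliding window of high-entropy writes to user documents."""

    def __init__(self, window=WINDOW_SECONDS, min_files=MIN_DISTINCT_FILES,
                 threshold=ENTROPY_THRESHOLD):
        self.window = window
        self.min_files = min_files
        self.threshold = threshold
        self.events = defaultdict(deque)  # pid -> deque of (timestamp, path)
        self.alerted = set()              # pids already reported, to alert once

    def observe(self, ts, pid, name, path, data):
        """Feed one write event; return an alert string or None."""
        _, ext = os.path.splitext(path.lower())
        if ext not in DOC_EXTENSIONS:
            return None
        if shannon_entropy(data) < self.threshold:
            return None  # plaintext-like content: a normal document save
        q = self.events[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > self.window:
            q.popleft()  # drop events that fell out of the window
        distinct = {p for _, p in q}
        if len(distinct) >= self.min_files and pid not in self.alerted:
            self.alerted.add(pid)
            return (f"ALERT pid={pid} ({name}) rewrote {len(distinct)} documents "
                    f"with high-entropy data within {self.window:.0f}s")
        return None


def build_sample_events():
    """Constructed sample telemetry, not real data.

    A word processor saves low-entropy text every 5 seconds, then a process
    using the trusted name explorer.exe rewrites 40 PDFs in 4 seconds.
    """
    rng = random.Random(7)  # fixed seed so the run is reproducible
    events = []
    for i in range(30):
        events.append((i * 5.0, 1001, "winword.exe",
                       f"C:/Users/ana/Documents/report{i}.docx",
                       b"Quarterly report, section text " * 100))
    for i in range(40):
        events.append((100.0 + i * 0.1, 2042, "explorer.exe",
                       f"C:/Users/ana/Documents/invoice{i}.pdf",
                       bytes(rng.getrandbits(8) for _ in range(2048))))
    return events


def run_demo(events=None):
    """Run the detector over the events and return the list of alerts raised."""
    detector = RewriteDetector()
    alerts = []
    for event in (events if events is not None else build_sample_events()):
        alert = detector.observe(*event)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The benign process never trips the detector, because its writes are low-entropy and spread out in time, while the encrypting process is flagged after its twentieth document even though it carries a trusted name. The caveat a practitioner should keep in mind is the one the text itself makes: an attacker who knows the thresholds can throttle the write rate, or spread the work across several processes, so a rate-and-entropy heuristic like this one is a layer, not a complete defense.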

