Critroni: First File-Encrypting Ransomware to Use Tor
SecurityWeek, By Eduard Kovacs
The threat, dubbed "CTB-Locker" and detected as Critroni.A by Microsoft, was initially used against Russian-speaking users, but according to the French researcher known as Kafeine, an English version has also been launched recently. The name CTB, which stems from Curve/Tor/Bitcoin, describes some of the key advantages of using this piece of ransomware.
The malware developers claim that the elliptic curve cryptography that's used to encrypt victims' files makes it impossible to decrypt them without paying the ransom. The Tor anonymity network is utilized to hide the malware's command and control (C&C) servers in order to make operations more difficult to disrupt and to protect the identity of the owner, the developers of Critroni said.
According to ThreatPost, this is the first crypto ransomware that uses Tor to protect its C&C servers, a technique usually seen in banking Trojans. Furthermore, unlike other threats that rely on the anonymity network, the Tor components are embedded in the malware's body to make it more efficient and to help it avoid detection, said Kaspersky Senior Malware Analyst Fedor Sinitsyn.