Did you like this?
friends and colleagues.
SecurityWeek, By Eduard Kovacs
The threat, dubbed "CTB-Locker" and detected as Critroni.A by Microsoft, was initially used against Russian-speaking users, but according to French researcher known as Kafeine, an English version has also been launched recently. The name CTB, which stems from Curve/Tor/Bitcoin, describes some of the key advantages of using this piece of ransomware.
The malware developers claim that the elliptic curve cryptography that's used to encrypt victims' files makes it impossible to decrypt them without paying the ransom. The Tor anonymity network is utilized to hide the malware's command and control (C&C) servers in order to make operations more difficult to disrupt and to protect the identity of the owner, the developers of Critroni said.
According to ThreatPost, this is the first crypto ransomware that uses Tor to protect C&C servers, a technique usually seen in banking Trojans. Furthermore, unlike other threats that rely on the anonymity network, the Tor components are embedded in the malware's body to make it more efficient and to help it avoid detection, said Kaspersky Senior Malware Analyst Fedor Sinitsyn. Read more.
Related Business News Articles
A high proportion of people are connecting to unsecured Wi-Fi networks while traveling internationally, putting their personal data at risk.Learn more >
Kaspersky Lab announced today the discovery of a critical vulnerability in popular energy equipment provided by Siemens, an equipment vendor.Learn more >
Kaspersky Lab has today published its ransomware research report, which found a drastic increase in encryption ransomware attacks, with 718,536 users hit between April 2015 and March 2016.Learn more >