Cryptolocker. Just the word sends chills down the spines of business executives and IT admins everywhere. This ransomware was the bane of business because of its deadly simplicity: a virus that encrypted the hard drive of whatever computer it infected and then demanded payment in exchange for the decryption key, regardless of what desktop security software was installed.
Getting infected was as simple as an end-user downloading a file attachment and allowing it to install; and why wouldn’t they? At the time there were no anti-virus programs that knew how to spot it, let alone fight back. Those stuck with the virus were forced to hand over hundreds of dollars to get their computer back up and running or resort to formatting the hard drive and losing all of their work.
Then, in early June 2014, the FBI reported a takedown of the GameOver Zeus botnet, seizing several servers and with them the heart of the Cryptolocker distribution method. The FBI had won, and Cryptolocker’s main distribution method was dead… right?
But Cryptolocker isn’t dead, or even hurt. The success of Cryptolocker inspired many cyber criminals, and now it’s evolving into something worse.
A new, stealthier ransomware called Critroni – or CTB-Locker (Curve-Tor-Bitcoin Locker) – is in the works and it claims to be bigger and better than Cryptolocker, which means bad news for business.
Just like its predecessor, Critroni encrypts the hard drive and demands Bitcoin payment through the Tor network. This time the creator claims the encryption is based on elliptic curve cryptography, which is said to be much faster than the encryption used by other ransomware. Using the Tor network, the creators are also able to send and receive payment anonymously, making the operation near-impossible to trace back to its source. On top of that, the creators have learned from Cryptolocker’s mistakes, such as its reliance on a command and control infrastructure that required the infected computer to connect to a server before it could complete the encryption. Critroni instead encrypts the drive on the local PC as soon as it is downloaded and installed. This makes the program harder to detect, since it generates less network traffic, and the encryption can still run even if a user is blocking Tor traffic.
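Because this kind of ransomware no longer needs to phone home before encrypting, network-based blocking gives defenders little warning, and host-side signals such as a burst of files being rewritten with high-entropy content become more useful. The following is an added example, not code from the original post or from any vendor it mentions: it measures Shannon entropy of file contents and flags a batch of changes in which most modified files have gone from readable to ciphertext-like. The snapshot dictionaries, the 7.5-bit entropy threshold and the 50% "suspicious ratio" are assumptions chosen for illustration, and the sample files are constructed inline.

```python
import hashlib
import math
from collections import Counter

# Assumed thresholds: bytes drawn uniformly at random score close to 8.0 bits
# per byte, typical documents and source code sit well below 6.0.
ENTROPY_THRESHOLD = 7.5
SUSPICIOUS_RATIO = 0.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """Heuristic: content whose entropy is near the 8-bit ceiling is most likely
    encrypted or compressed rather than an ordinary document."""
    return shannon_entropy(data) >= threshold


def scan_snapshots(before: dict, after: dict, min_ratio: float = SUSPICIOUS_RATIO) -> dict:
    """Compare two {path: bytes} snapshots of a monitored directory.

    A file is 'suspicious' when it was modified and went from low-entropy to
    high-entropy content. If that describes at least `min_ratio` of all
    modified files, raise an alert: mass in-place encryption is the hallmark
    of ransomware, whereas a normal workday changes files one at a time and
    leaves them readable.
    """
    changed = [p for p in before if p in after and before[p] != after[p]]
    suspicious = [
        p for p in changed
        if looks_encrypted(after[p]) and not looks_encrypted(before[p])
    ]
    alert = bool(changed) and len(suspicious) / len(changed) >= min_ratio
    return {"changed": changed, "suspicious": suspicious, "alert": alert}


def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Constructed stand-in for encrypted output: a deterministic SHA-256 chain,
    so the example runs offline and the test is reproducible."""
    out = bytearray()
    block = seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:length])


# Constructed sample snapshots of a small shared folder.
_REPORT = (b"Quarterly report: revenue grew 4% while operating costs were flat. "
           b"See appendix B for the regional breakdown.\n") * 40
_NOTES = (b"TODO: renew the SSL certificate before the 30th.\n") * 60
_LOGO = pseudo_ciphertext(b"already-compressed-png", 4096)  # high entropy before and after

SNAPSHOT_BEFORE = {
    "docs/report.txt": _REPORT,
    "docs/notes.txt": _NOTES,
    "img/logo.png": _LOGO,
    "docs/untouched.txt": b"This file is not modified between snapshots.\n",
}

# Snapshot after a simulated infection: the two documents are rewritten with
# ciphertext-like bytes; the image is unchanged.
SNAPSHOT_AFTER = {
    "docs/report.txt": pseudo_ciphertext(b"report", len(_REPORT)),
    "docs/notes.txt": pseudo_ciphertext(b"notes", len(_NOTES)),
    "img/logo.png": _LOGO,
    "docs/untouched.txt": SNAPSHOT_BEFORE["docs/untouched.txt"],
}

# Snapshot after an ordinary edit: one document changed, still plain text.
SNAPSHOT_NORMAL_EDIT = dict(SNAPSHOT_BEFORE)
SNAPSHOT_NORMAL_EDIT["docs/notes.txt"] = _NOTES + b"DONE: certificate renewed.\n"


if __name__ == "__main__":
    for label, after in (("ransomware", SNAPSHOT_AFTER), ("normal edit", SNAPSHOT_NORMAL_EDIT)):
        result = scan_snapshots(SNAPSHOT_BEFORE, after)
        print(f"{label}: changed={len(result['changed'])} "
              f"suspicious={len(result['suspicious'])} alert={result['alert']}")
```

In practice the "snapshots" would come from a file-system watcher or a periodic walk of a monitored share, and the ratio test is what keeps a single legitimately compressed or encrypted file from raising an alert on its own. The heuristic is a tripwire, not a substitute for offline backups: by the time it fires, some files have already been overwritten, which is exactly why the post's point about a restore path that works outside the infected operating system matters.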
Anti-virus creators are already on the march to prepare for this new ransomware, but the fact is there’s nothing stopping a user from downloading a file and installing it by mistake. Anti-virus, anti-malware, and anti-spyware are great at what they do, but there’s nothing more dangerous to a company than an untrained employee downloading the wrong attachment.
That’s why you should always have a failsafe. RollBack Rx and Drive Vaccine have proven to recover from any ransomware infection because, unlike other restoration or imaging programs, they work outside of the Windows OS. Even if a computer gets infected to the point of hard drive encryption, simply pressing the ‘Home’ key when the RollBack Rx or Drive Vaccine splash screen appears during boot takes the user directly to our mini-OS. From there you simply choose to return to an image that was made prior to the infection. It is truly an amazing instant recovery software. No encrypted files. No malicious ransomware. No problem.