More than 12k CryptoLocker victims in less than a week

More than 12k victims have been claimed in less than a full week by the nasty piece of malware.

Researchers with security technology company Bitdefender Labs revealed that more than 12,000 victims have been claimed in less than a full week by a nasty piece of ransomware known as CryptoLocker, which has been locking up computers over the past couple of months.

“CryptoLocker servers are changed very often – it is rare that a command-and-control server remains online for more than a week,” according to a Bitdefender Labs post, which explains the reason for this is to avoid getting shut down by authorities. “However, once it has been reverse engineered, security researchers can pre-register the relevant domains and count connection attempts.”

Bitdefender Labs researchers did just that – they used Domain Name System (DNS) sinkholes – and learned that 12,016 CryptoLocker-infected hosts attempted to contact the “sinkholed” domains. The bulk of those connections were traced back to Internet Protocol (IP) addresses in the U.S.
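The counting step described above, as an added example that is not from the article or from Bitdefender Labs: it tallies connection attempts and distinct source addresses from a sinkhole's query log. The log format, the domain names and every sample line are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed placeholders, not real CryptoLocker domains.
SINKHOLED = {"sinkhole-one.example", "sinkhole-two.example"}

# Constructed sample log, assumed format: "<timestamp> <source IP> <queried name>"
SAMPLE_LOG = """\
2013-11-01T10:00:01Z 198.51.100.7 sinkhole-one.example.
2013-11-01T10:00:05Z 198.51.100.7 SINKHOLE-ONE.example
2013-11-01T10:02:11Z 203.0.113.20 sinkhole-two.example
2013-11-01T10:03:40Z 198.51.100.7 sinkhole-two.example
2013-11-01T10:04:02Z 192.0.2.99 unrelated.example
2013-11-01T10:05:00Z not-an-ip sinkhole-one.example
truncated line
2013-11-02T08:15:30Z 2001:db8::5 sinkhole-one.example
"""

def normalize(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()

def summarize(log_text, sinkholed):
    hosts_by_domain = defaultdict(set)
    attempts = skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            skipped += 1          # malformed or truncated record
            continue
        _timestamp, src, qname = fields
        try:
            src_ip = ipaddress.ip_address(src)   # accepts IPv4 and IPv6
        except ValueError:
            skipped += 1
            continue
        domain = normalize(qname)
        if domain not in sinkholed:
            continue              # background traffic, not a sinkhole hit
        attempts += 1
        hosts_by_domain[domain].add(src_ip)
    # A host that tries several domains is counted once. Source IPs only
    # approximate hosts: NAT hides many machines, DHCP churn inflates counts.
    all_hosts = set().union(*hosts_by_domain.values())
    return {"attempts": attempts, "unique_hosts": len(all_hosts),
            "per_domain": {d: len(h) for d, h in sorted(hosts_by_domain.items())},
            "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, SINKHOLED))
```
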

“In fact, judging by the distribution of infected hosts and the payment methods available, it would seem that only systems in the US are targeted, with the rest being collateral damage,” according to the Bitdefender Labs post.

CryptoLocker came on the radar in September as a trojan spreading through fake emails. The malware infiltrates the system, then encrypts files on the user's computer and any mapped network drives. Once it has locked the user out, it demands a MoneyPak or Bitcoin payment within three days.

Victims who pay the ransom of two Bitcoins will receive a key that unlocks their encrypted files. The key was previously destroyed 72 hours after infection, locking the files permanently, but the developers updated CryptoLocker on Nov. 1 to allow recovery beyond the allotted time at a ransom of 10 Bitcoins.

“Almost all the CryptoLocker command-and-control servers also host a public payment service through which victims can purchase decryption keys,” according to the Bitdefender Labs post.
