More than 12k CryptoLocker victims in less than a week

More than 12k victims have been claimed in less than a full week by the nasty piece of malware.

Researchers with security technology company Bitdefender Labs revealed that more than 12,000 victims have been claimed in less than a full week by a nasty piece of ransomware known as CryptoLocker, which has been locking up computers over the past couple of months.

“CryptoLocker servers are changed very often – it is rare that a command-and-control server remains online for more than a week,” according to a Bitdefender Labs post, which explains the reason for this is to avoid getting shut down by authorities. “However, once it has been reverse engineered, security researchers can pre-register the relevant domains and count connection attempts.”

Bitdefender Labs researchers did just that. Using Domain Name System (DNS) sinkholes, they learned that 12,016 CryptoLocker-infected hosts attempted to contact the “sinkholed” domains. The bulk of those connections were traced back to Internet Protocol (IP) addresses in the U.S.

“In fact, judging by the distribution of infected hosts and the payment methods available, it would seem that only systems in the US are targeted, with the rest being collateral damage,” according to the Bitdefender Labs post.
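As an added illustration (not Bitdefender's code or data), the sketch below shows how a sinkhole operator can reduce raw connection attempts to a count of distinct hosts per country over a one-week window. The log format, domains, addresses, dates and country codes are all constructed for the example.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sinkhole log: timestamp, source IP, contacted domain, country code.
# Addresses use documentation ranges and domains are .example placeholders.
SAMPLE_LOG = """\
2013-11-04T10:00:01Z 192.0.2.10 sinkhole-a.example US
2013-11-04T10:05:01Z 192.0.2.10 sinkhole-b.example US
2013-11-04T10:06:40Z 198.51.100.7 sinkhole-a.example US
2013-11-05T09:00:00Z 203.0.113.5 sinkhole-a.example DE
2013-11-05T09:00:03Z 203.0.113.5 sinkhole-a.example DE
2013-11-12T09:00:00Z 192.0.2.10 sinkhole-a.example US
malformed line
"""

def parse_line(line):
    """Return (timestamp, src_ip, domain, country), or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3]

def summarize(log_text, start, days=7):
    """Count raw attempts and distinct source IPs inside the window."""
    end = start + timedelta(days=days)
    attempts = 0
    hosts = {}  # src_ip -> country; one entry however often a host beacons
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not (start <= rec[0] < end):
            continue
        attempts += 1
        # Source IP is only a proxy for a host: NAT hides several machines
        # behind one address, and DHCP churn can count one machine twice.
        hosts.setdefault(rec[1], rec[3])
    return attempts, len(hosts), Counter(hosts.values())

if __name__ == "__main__":
    attempts, unique, by_country = summarize(SAMPLE_LOG, datetime(2013, 11, 4))
    print(attempts, unique, by_country.most_common())
```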

CryptoLocker came on the radar in September as a trojan spreading through fake emails. The malware infiltrates a system, then encrypts files on the user's computer and any mapped network drives. Once it has locked the user out, it demands a MoneyPak or Bitcoin payment within three days.

Victims who pay the ransom of two Bitcoins will receive a key that unlocks their encrypted files. The key was previously destroyed 72 hours after infection, locking the files permanently, but the developers updated CryptoLocker on Nov. 1 to allow recovery beyond the allotted time at a ransom of 10 Bitcoins.

“Almost all the CryptoLocker command-and-control servers also host a public payment service through which victims can purchase decryption keys,” according to the Bitdefender Labs post.
