Windows trojan packs punch, downloads ransomware "Cribit"

Cribit ransomware demands Bitcoin payment to decrypt hostage files, Trend Micro reveals.

Users infected with a Windows trojan may be in for another devious surprise – ransomware that encrypts computer files and demands Bitcoin payment to decode the data.

According to researchers at Trend Micro, the Windows trojan, called “Fareit,” is an information stealer that has been used to download other malware, like Zeus. Recently, however, analysts discovered that Fareit was being used to spread ransomware called “Cribit.”

In a Monday blog post, Rhena Inocencio, a threat response engineer at Trend Micro, said that the firm had identified two variants of Cribit: one that encrypts files and uses an English message for ransom, and another delivering a “multilingual ransom note, with 10 languages included.”

Messages in English, French, Spanish, Chinese and Arabic are among the variations scamming users, Inocencio wrote.

In the ransom note, users are directed to a website on the Deep Web, which is accessible only through Tor.

Trend Micro found that 40 percent of Cribit victims were in the U.S., and that the variants, which demand $240 worth of Bitcoin, were detected as new iterations of malware called "BitCrypt."

In a Wednesday email, Christopher Budd, threat communications manager at Trend Micro, told SCMagazine.com that, as is the case with other ransomware, like CryptoLocker, researchers “cannot say for certain that paying the bad guys will result in decrypting the files.”

“After all, cyber criminals are after one goal: to get a person's money,” Budd wrote. “Returning/decrypting a victim's files won't certainly be a priority or major concern for these people. Additionally, paying the ransom may encourage and help expand the operations of cyber criminals.”

To avoid infection or lessen the impact of ransomware threats, Trend Micro recommended that users avoid clicking embedded links in emails, which can contain malware, and regularly update software as an added security layer. In addition, users should back up important documents, a Trend Micro FAQ page on ransomware suggested.
