Windows trojan packs punch, downloads ransomware "Cribit"

Cribit ransomware demands Bitcoin payment to decrypt hostage files, Trend Micro reveals.

Users infected with a Windows trojan may be in for another devious surprise – ransomware that encrypts computer files and demands Bitcoin payment to decode the data.

According to researchers at Trend Micro, the Windows trojan, called “Fareit,” is an information stealer that has been used to download other malware, like Zeus. Recently, however, analysts discovered that Fareit was being used to spread ransomware called “Cribit.”

In a Monday blog post, Rhena Inocencio, a threat response engineer at Trend Micro, said that the firm had identified two variants of Cribit: one that encrypts files and uses an English message for ransom, and another that delivers a “multilingual ransom note, with 10 languages included.”

Messages in English, French, Spanish, Chinese and Arabic are among the variations scamming users, Inocencio wrote.

In the ransom note, users are directed to a website on the Deep Web, which is accessible only through Tor.

Trend Micro found that 40 percent of Cribit victims were in the U.S., and that the variants, which demand $240 worth of Bitcoin, were detected as new iterations of malware, called "BitCrypt."

In a Wednesday email, Christopher Budd, threat communications manager at Trend Micro, told SCMagazine.com that, as is the case with other ransomware, like CryptoLocker, researchers “cannot say for certain that paying the bad guys will result in decrypting the files.”

“After all, cyber criminals are after one goal: to get a person's money,” Budd wrote. “Returning/decrypting a victim's files won't certainly be a priority or major concern for these people. Additionally, paying the ransom may encourage and help expand the operations of cyber criminals.”

To avoid infection or lessen the impact of ransomware threats, Trend Micro recommended that users avoid clicking embedded links in emails, which can contain malware, and regularly update software as an added security layer. In addition, users should back up important documents, a Trend Micro FAQ page on ransomware suggested.
