Windows trojan packs punch, downloads ransomware "Cribit"

Cribit ransomware demands Bitcoin payment to decrypt hostage files, Trend Micro reveals.

Users infected with a Windows trojan may be in for another devious surprise – ransomware that encrypts computer files and demands Bitcoin payment to decode the data.

According to researchers at Trend Micro, the Windows trojan, called “Fareit,” is an information stealer that has been used to download other malware, like Zeus. Recently, however, analysts discovered that Fareit was being used to spread ransomware called “Cribit.”

In a Monday blog post, Rhena Inocencio, a threat response engineer at Trend Micro, said that the firm had identified two variants of Cribit: one that encrypts files and uses an English message for ransom, and another that delivers a “multilingual ransom note, with 10 languages included.”

Messages in English, French, Spanish, Chinese and Arabic are among the variations scamming users, Inocencio wrote.

In the ransom note, users are directed to a website on the Deep Web, which is accessible only through Tor.

Trend Micro found that 40 percent of Cribit victims were in the U.S., and that the variants, which demand $240 worth of Bitcoin, were detected as new iterations of malware, called "BitCrypt."

In a Wednesday email, Christopher Budd, threat communications manager at Trend Micro, told SCMagazine.com that, as is the case with other ransomware, like CryptoLocker, researchers “cannot say for certain that paying the bad guys will result in decrypting the files.”

“After all, cyber criminals are after one goal: to get a person's money,” Budd wrote. “Returning/decrypting a victim's files won't certainly be a priority or major concern for these people. Additionally, paying the ransom may encourage and help expand the operations of cyber criminals.”

To avoid infection or lessen the impact of ransomware threats, Trend Micro recommended that users avoid clicking embedded links in emails, which can contain malware, and regularly update software as an added security layer. In addition, users should back up important documents, a Trend Micro FAQ page on ransomware suggested.
