Incident Response, Malware, TDR

Analysts spot ‘Critolock,’ ransomware claims to be CryptoLocker

A new ransomware variant called “Troj_Critolock.A.,” which claims to be CryptoLocker, has been detected by researchers.

On Wednesday, Alvin Bacani, a research engineer at Trend Micro, revealed in a blog post that users infected with the malware are shown a wallpaper message reading, “All your files have been encrypted.” Below the message, a shield icon is depicted, followed by “CryptoLocker."

Bacani noted, however, that the malware differs from CryptoLocker in a number of ways, including the fact that it has an MSIL compiled packer, "which means that it needs a .NET framework in order to work, as opposed to the previous Cryptolocker version," he wrote. Critolock also uses a managed version of Rijndael, a symmetric-key algorithm, to encrypt files before requesting Bitcoin payment from victims who wish to retrieve their data. CryptoLocker uses an asymmetric algorithm (RSA), he explained.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.