Analysts spot ‘Critolock,’ ransomware claims to be CryptoLocker | SC Media
TDR

Analysts spot ‘Critolock,’ ransomware claims to be CryptoLocker

September 17, 2014

A new ransomware variant called “Troj_Critolock.A.,” which claims to be CryptoLocker, has been detected by researchers.

On Wednesday, Alvin Bacani, a research engineer at Trend Micro, revealed in a blog post that users infected with the malware are shown a wallpaper message reading, “All your files have been encrypted.” Below the message, a shield icon is depicted, followed by “CryptoLocker."

Bacani noted, however, that the malware differs from CryptoLocker in a number of ways, including the fact that it has an MSIL compiled packer, "which means that it needs a .NET framework in order to work, as opposed to the previous Cryptolocker version," he wrote. Critolock also uses a managed version of Rijndael, a symmetric-key algorithm, to encrypt files before requesting Bitcoin payment from victims who wish to retrieve their data. CryptoLocker uses an asymmetric algorithm (RSA), he explained.

prestitial ad