Following an international takedown of Cryptolocker, new ransomware identified by Microsoft as Critroni.A has been gaining momentum since making a June appearance in underground marketplaces, according to a security researcher going by the name Kafeine.
The malware – which is marketed as CTB-Locker (Curve-Tor-Bitcoin Locker) and costs $3,000 per month – uses Elliptic Curve Diffie-Hellman encryption and its command-and-control is hidden on the Tor network, Fedor Sinitsyn, a senior malware analyst at Kaspersky Lab who is investigating the ransomware, told Threatpost.
Critroni is being served up in the wild by the Angler Exploit Kit, according to Kafeine. Once it claims a victim, the ransomware provides ample instructions on how to send the Bitcoin ransom. The Bitcoin ransom can be specified by the attacker, as can the extensions of files that are encrypted.