While law enforcement won an important battle against cyber crime by taking down the Gameover Zeus botnet and hampering the threat of CryptoLocker malware, that hasn’t stopped persistent and innovative criminals from producing variants on file-encryption malware like the recently detected Cryptoblocker, according to Trend Micro.
Cryptoblocker (TROJ_CRYPTFILE.SM) has some restrictions, among them that it does not infect files larger than 100MB. It differs from other ransomware variants in that it doesn’t drop text files instructing victims on how to decrypt files. Rather, it displays a dialog box that requires the victim to enter a transaction ID.
Instead of using CryptoAPIs for encryption, the malware carries the Advanced Encryption Standard (AES) in its own code. The blog said it was “highly interesting” that the compiler notes were still intact after the code was unpacked, since they are typically removed to prevent detection and blocking.
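
For analysts triaging an unpacked sample, the distinction above (AES in the code rather than CryptoAPI calls) can be checked statically. The following is an added example, not code from Trend Micro or from the malware; it assumes a table-based AES implementation that stores the standard S-box as a contiguous 256-byte table, and the function names and sample buffers are constructed for illustration.

```python
"""Heuristic static check: embedded AES tables vs. CryptoAPI references."""

def _gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF

def build_sbox():
    """Derive the AES S-box (field inverse, then affine transform)."""
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
        box.append(inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2)
                   ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63)
    return bytes(box)

SBOX = build_sbox()
INV_SBOX = bytes(SBOX.index(i) for i in range(256))
# Function names exported by the Windows CryptoAPI (advapi32.dll).
CRYPTOAPI_NAMES = (b"CryptAcquireContext", b"CryptEncrypt",
                   b"CryptGenKey", b"CryptImportKey")

def scan(image: bytes) -> dict:
    """Scan an unpacked image for AES lookup tables and CryptoAPI strings."""
    hits = {"sbox": image.find(SBOX), "inv_sbox": image.find(INV_SBOX)}
    api = [n.decode() for n in CRYPTOAPI_NAMES if n in image]
    has_tables = any(off >= 0 for off in hits.values())
    return {"table_offsets": hits, "cryptoapi_refs": api,
            "embedded_aes_without_cryptoapi": has_tables and not api}

# Constructed sample buffers (not real malware): one with a static S-box and
# no API strings, one with only a CryptoAPI import name.
SAMPLE_EMBEDDED = b"\x90" * 64 + SBOX + b"\x00" * 32
SAMPLE_API = b"MZ" + b"\x00" * 30 + b"CryptEncrypt\x00"

if __name__ == "__main__":
    for name, buf in (("embedded", SAMPLE_EMBEDDED), ("api", SAMPLE_API)):
        print(name, scan(buf))
```

A negative result is not conclusive: implementations that build their tables at run time, or samples that are still packed, will not show the S-box bytes on disk.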