According to ESET research, the campaign is just starting out. For an in-detail report on the CTB-Locker, including screenshots, see ESET Ireland’s blog.
Free Cyber Security Training! Join the revolution today!
Beginning last week, ESET Research Team in Latin America has been tracking the activity of CTB-Locker, a filecoder detected by ESET’s telemetry as Win32/FileCoder.DA. The infection starts when the victim receives an e-mail with the subject “fax,” containing an attachment that resembles a facsimile. The embedded file is infected with Win32/TrojanDownloader.Elenoocka.A – a trojan downloader which tries to connect to the Internet to download other malware –in this case the Win32/FileCoder.DA, also known as CTB-Locker. Upon successful opening in the victim’s device, CTB-Locker encrypts specific files on the device, locks the screen, and displays a ransom message.
ESET researchers have also noticed a similarity between CTB-Locker and CryptoLocker as they both have a similar pattern of encrypting the victim’s files and differ only in the use of encryption algorithm. Similarly to CryptoLocker, the victim is requested to pay a ransom in Bitcoins – of approximately 8 Bitcoins (valued around $ 1,680).
The best prevention is to follow the well-known security “mantra” – backup your files, update your software and protect your device. The impact the CTB-Locker can have on a company or a user who does not have a backup solution can become a real headache. ESET has received reports of companies paying thousands of dollars to recover their data.
About ESET Ireland
ESET Ireland will keep your hardware and software performing as it should. The company has hundreds of people around the world working hard every day so customers’ computers, tablets, smartphones and servers are properly protected. All with minimal impact on their performance.