Backup Your Files: Cryptolocker Copycat Spotted
Double check that your computer backups are scheduled & running properly – there’s a new piece of ransomware being spread.
Like the infamous Cryptolocker, “Locker” generates revenue for its creators by encrypting files on the infected machine & demanding payment to get them back. After encrypting a file, Locker adds a “.perfect” extension, deletes the original copy, and drops a “contact.txt” file in the directory.
In order to get the files back, victims must use the details contained within “contact.txt” to purchase the decryption key for $150 via Perfect Money or QIWI VISA Virtual Card. Victims are warned that any attempt to threaten or harass the attacker will result in the decryption key being deleted from the server.
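The two artifacts described above (the ".perfect" extension and the "contact.txt" note) are enough to triage a disk and list which files need to come back from backup. The script below is an added example, not code from the original article; the function names, the constructed sample tree, and the assumption that the extension is appended to the full original filename are illustrative.

```python
import os
import tempfile

ENCRYPTED_EXT = ".perfect"  # extension the article says Locker adds
NOTE_NAME = "contact.txt"   # note the article says is dropped in each directory

def scan_for_locker(root):
    """Return {directory: report} for directories that show Locker artifacts."""
    findings = {}
    for dirpath, _dirs, filenames in os.walk(root):
        names = set(filenames)
        # Assumption: the extension is appended to the full original name.
        encrypted = sorted(n for n in names
                           if n.lower().endswith(ENCRYPTED_EXT) and len(n) > len(ENCRYPTED_EXT))
        has_note = any(n.lower() == NOTE_NAME for n in names)
        if not encrypted and not has_note:
            continue
        originals = [n[:-len(ENCRYPTED_EXT)] for n in encrypted]
        findings[dirpath] = {
            "note_present": has_note,
            "encrypted": encrypted,
            # Original is gone: recover it from backup (or a future decryptor).
            "restore_from_backup": [o for o in originals if o not in names],
            # Original still on disk: encryption of this file may not have finished.
            "original_still_present": [o for o in originals if o in names],
            # Note and encrypted files together are a strong signal; one alone is weak.
            "confidence": "high" if has_note and encrypted else "low",
        }
    return findings

def run_demo():
    """Build a constructed sample tree in a temp dir and scan it."""
    layout = {  # constructed sample data, empty placeholder files
        "docs": ["report.docx.perfect", "budget.xlsx.perfect", "budget.xlsx", "contact.txt"],
        "music": ["song.mp3"],
        "notes": ["contact.txt"],
    }
    with tempfile.TemporaryDirectory() as tmp:
        for sub, files in layout.items():
            os.makedirs(os.path.join(tmp, sub))
            for name in files:
                open(os.path.join(tmp, sub, name), "w").close()
        return {os.path.relpath(d, tmp): r for d, r in scan_for_locker(tmp).items()}

if __name__ == "__main__":
    for directory, report in sorted(run_demo().items()):
        print(directory, report)
```

Point `scan_for_locker` at a user profile or file share; a lone "contact.txt" is reported with low confidence because that filename is common on its own.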
Locker is currently being distributed through compromised sites rigged with drive-by-download attacks or executable files disguised as MP3 files. Thousands of users have already been affected in the U.S., Germany, the Netherlands, and Russia.
There is a glimmer of hope when it comes to this new threat, though. The Locker ransomware appears to be built on the TurboPower Lockbox library and uses AES-CTR to encrypt files. Security researchers are currently working on developing a universal decryption tool that can be used to restore files without having to pay the ransom.
Only Avira antivirus is said to be capable of detecting the threat as of late Thursday.
[via The Register]