

In the beginning of September 2013, the CryptoLocker malware variant appeared in the wild, spread exclusively by the infamous P2P ZeuS (aka Gameover ZeuS) malware. CryptoLocker had a simple purpose: to act as ransomware, encrypting important files such as images and documents, and then asking the victim for money to unlock the files. In collaboration with FireEye, InTELL analysts at Fox-IT worked on the investigation. By the end of 2013, certain groups that had been focused on online banking fraud were moving to less risky attacks, such as ransomware, click fraud, and crypto coin mining. All of these attack types pose lower risk to the criminals compared to online banking attacks.

US law enforcement led a joint operation from the 30th of May 2014, leading to a long-term disruption of both P2P ZeuS and CryptoLocker. A detailed description of the operation is available here.

CryptoLocker used AES symmetric cryptography to encrypt the files and encrypted the AES key with an RSA-2048 public key generated on the server side of CryptoLocker. For each infection a new RSA key pair was generated on the CryptoLocker server, and only the public half was ever sent to the infected host. This rendered files impossible for CryptoLocker victims to recover on their own. To recover files, the malware offered victims the option to purchase the required RSA-2048 private key.
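The hybrid scheme described above, with a per-infection RSA-2048 key pair held on the server and a per-file AES key wrapped under the infection's public key, as an added Go example written for this page. It is not code from the CryptoLocker sample or from Fox-IT; the AES mode (GCM), the RSA padding (OAEP), the infection ID strings, the sample document and all type and function names are assumptions made for illustration, since the page does not specify them.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// C2Server models the server side: one fresh RSA-2048 key pair per
// infection, and the private half never leaves the server.
type C2Server struct {
	keys map[string]*rsa.PrivateKey // infection ID -> private key (hypothetical layout)
}

func NewC2Server() *C2Server {
	return &C2Server{keys: make(map[string]*rsa.PrivateKey)}
}

// Register generates a new key pair for an infection and hands back only
// the public key, which is all the infected host ever receives.
func (s *C2Server) Register(infectionID string) (*rsa.PublicKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	s.keys[infectionID] = priv
	return &priv.PublicKey, nil
}

// SellPrivateKey is the "purchase" step: the only path by which the private
// key reaches a victim. Unknown infection IDs get nothing.
func (s *C2Server) SellPrivateKey(infectionID string) (*rsa.PrivateKey, bool) {
	priv, ok := s.keys[infectionID]
	return priv, ok
}

// EncryptedFile is what remains on disk: the file body under a random AES
// key, plus that AES key wrapped with the infection's RSA public key.
type EncryptedFile struct {
	WrappedKey []byte // AES key, RSA-OAEP encrypted (padding is an assumption)
	Nonce      []byte
	Ciphertext []byte
}

// EncryptFile runs on the infected host. It needs only the public key; the
// AES key is generated, used, wrapped and then wiped.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	key := make([]byte, 32) // AES-256; GCM mode is an assumption
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	for i := range key { // the host keeps no copy of the AES key
		key[i] = 0
	}
	return &EncryptedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// DecryptFile needs the matching private key: unwrap the AES key, then
// decrypt the body. Any other infection's key fails at the unwrap step.
func DecryptFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

func main() {
	srv := NewC2Server()
	pub, _ := srv.Register("infection-1") // constructed infection ID
	doc := []byte("constructed sample document")
	ef, _ := EncryptFile(pub, doc)
	priv, _ := srv.SellPrivateKey("infection-1")
	back, err := DecryptFile(priv, ef)
	fmt.Println("recovered:", bytes.Equal(back, doc), "err:", err)
}
```

The point for an investigator is in what the host side holds: a public key and a wrapped AES key, neither of which yields the plaintext. Without the server's private key (or the AES key captured from memory before it was wiped) there is nothing on disk to recover from, which is exactly why the per-infection key pair made the ransom the only route.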
