CryptoLocker Ransomware Variant Includes More Pernicious Features
Security researchers say that the Cryptolocker ransomware, or a copycat variant, has become more pernicious because it can now spread automatically to USB sticks.A new variant of the file-encrypting ransomware known as CryptoLocker has begun spreading using a dangerous new feature: self propagation through USB drives, according to multiple security firms.
Antivirus firms Trend Micro and ESET both found evidence of the new version of CryptoLocker spreading on the Internet. The malicious software is somewhat different than the original CryptoLocker, including functionality which creates a copy of itself on removable media, suggesting that the malware could be a copycat.The ability to spread to other computers and encrypt data means that the ransomware variant could spread more widely than the original CryptoLocker, according to JD Sherry, vice president of technology and solutions for Trend Micro. "This is a clear-cut example of something that, whether it is a variant or a copycat, it's another low-cost channel to deliver malware with the end goal of trying to steal sensitive information, such as banking credentials or getting a ransom," Sherry told eWEEK. CryptoLocker has raised the bar for the class of malware known as ransomware. Ransomware typically locks a PC by modifying the operating system until the user pays a fee. CryptoLocker, however, uses the Windows operating system's encryption library to make more than 70 types of files unreadable without a key. The malware has effectively forced many companies to pay the ransom because they did not have adequate backups to recover the data.
While the latest resurgence of ransomware schemes began more than a year ago in Russia and Eastern Europe, more than half of all CryptoLocker infections are in the United States. The latest version, called "CryptoLocker 2.0" by its creators, can spread like a virus or worm by infecting USB sticks. While the malware does not apparently have the ability to automatically run, the copied executable file could allow it to spread further, according to Trend Micro.