CryptoDefense Ransomware Flaw Leaves Behind Decryption Keys
The CryptoDefense data-napping malware follows the playbook of CryptoLocker but leaves behind the decryption key on the infected computer, security researchers find.Ransomware has become an increasingly popular way for cyber-criminals to turn infected computer systems into cash, and this year underground programmers are already churning out copycats of the most successful ransomware program, CryptoLocker, according to security firms. On March 31, security firm Symantec discovered a data-napping program, dubbed CryptoDefense, which has already netted its makers at least $34,000 in the first month, according to Symantec. The program encrypts nearly 50 different types of files, and then demands a ransom of about $500 in bitcoins for the key. "CryptoLocker was the first and its success is driving other groups into adopting the same techniques," Kevin Haley, director of security response for Symantec, told eWEEK. In 2013, CryptoLocker infected more than 200,000 machines and earned its cyber-criminal creators more than $380,000, according to Dell Secureworks, a managed security company. It's likely that the malware earned much more than that, possibly millions of dollars, the company said in December.
Symantec first detected the CryptoLocker copycat in late February and in the 30 days since, has blocked 11,000 potential infections, the company stated in an analysis. By analyzing the bitcoin addresses used to receive funds, Symantec estimated that the cyber-criminals had received more than $34,000 in the month that it tracked the threat.