1 min read

Cryptolocker weekly haul? More than 10k victims

Răzvan STOICA

November 13, 2013

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Cryptolocker weekly haul? More than 10k victims

Bitdefender Labs researchers have reverse-engineered the Cryptolocker domain generation algorythm and sinkholed the relevant domains between October 27 and November 1.

During that period, 12016 infected hosts tried to contact the sinkholed domains; the majority of connection attempts came from US-based IP addresses. in fact, judging by the distribution of infected hosts and the payment methods available, it would seem that only systems in the US are targeted, with the rest being collateral damage.

 

distributie_tari_cryptolocker

The domain generation algorithm is used to avoid the possibility that the network gets shut down by authorities, by generating new command and control subdomains every day. However, once it has been reverse engineered, security researchers can pre-register the relevant domains and count connection attempts.

Cryptolocker servers are changed very often – it is rare that a command and control server remains online for more than a week. During the monitored period, command and control servers were located in Russia, Germany, Kazakhstan and the Ukraine – but this is simply an indication of the controllers’ predilection for constant “server-hopping”.

Almost all the cryptolocker command and control servers also host a public payment service through which victims can purchase decryption keys.

decrypt_cryptolocker

 

 

 

 

Bitdefender detects and blocks Cryptolocker, as usual. An encryption-blocking tool can also be found here.

tags


Author



Right now

Top posts

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read
How We Tracked a Threat Group Running an Active Cryptojacking Campaign

How We Tracked a Threat Group Running an Active Cryptojacking Campaign

July 14, 2021

10 min read
A Note from the Bitdefender Labs Team on Ransomware and Decryptors

A Note from the Bitdefender Labs Team on Ransomware and Decryptors

May 26, 2021

2 min read
New Nebulae Backdoor Linked with the NAIKON Group

New Nebulae Backdoor Linked with the NAIKON Group

April 28, 2021

1 min read
Good riddance, GandCrab! We’re still fixing the mess you left behind.

Good riddance, GandCrab! We’re still fixing the mess you left behind.

June 17, 2019

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer
Bitdefender

January 19, 2022

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand
Bogdan BOTEZATU

November 08, 2021

2 min read
Digitally-Signed Rootkits
are Back – A Look at
FiveSys and Companions Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions
Cristian Alexandru ISTRATEBalazs BIRORareș Costin BLEOTUClaudiu COBLIȘ
1 min read