On the Cryptolocker Takedown #fail
December 06, 2013
Bitdefender researchers have identified a number of domains which are still hosting Cryptolocker malware command and control servers, after the takedown attempt by a group of cyber-vigilantes earlier this week.
All of the still active domain names are algorithmically generated, but somehow the cyber-vigilantes failed to take them into account, so the Cryptolocker network is still under full control of its creators. Some domains which were hard-coded into the Cryptolocker virus itself were not included in the takedown, but there seem to be no active command and control servers there at this time.
In any event, successfully sinkholing the entire Cryptolocker network and leaving it at that would create about as many problems as it solves. A takedown attempt must be combined with with some way to retrieve the private keys already present on command and control servers. Otherwise, many victims would be left with absolutely no way to decrypt files already encrypted by Cryptolocker.
tags
Author
Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. Recruited by Bitdefender in 2004 to add zest to the company's online presence.
View all postsRight now Top posts
Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware
June 08, 2023
Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series
May 02, 2023
EyeSpy - Iranian Spyware Delivered in VPN Installers
January 11, 2023
Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor
January 05, 2023
FOLLOW US ON SOCIAL MEDIA
You might also like
Bookmarks
