What is Cryptolocker Ransomware?
- By Greg Brown
- Jan 20, 2023
Ransomware is an evolving class of malware that has kept online criminals swimming in money for decades. Because of the enormous sums extorted each year from individuals and businesses, more criminal groups keep flocking to get in on the ransomware payouts.
Ransomware received a significant boost with the arrival of Bitcoin (the white paper appeared in 2008 and the network launched in early 2009). Before cryptocurrency, attackers had to collect payment through premium-rate SMS messages or prepaid cards and vouchers, channels that were comparatively easy to block or trace. Cryptocurrency made it much harder, though not impossible, for law enforcement to follow the money: Bitcoin transactions are pseudonymous, but every one of them sits on a public ledger, and blockchain analysis has since been used to trace and seize ransom payments.
The first modern ransomware attack, in 2005, was Trojan.GPCoder. It used a custom encryption routine that was weak and was soon broken by researchers. It spread by ordinary email spam and phishing: the message promised a job, and the attached "application" was supposed to be filled in and returned as soon as possible.
Ransomware algorithms and attack vectors split into two distinct forms:
- Crypto ransomware, the most common form, encrypts the files and directories on a target system. Even if the encrypted data is copied to another machine, it stays inaccessible without the key.
- Locker ransomware locks the victim out of the computer (the desktop or the boot process) without touching the files themselves. Removing the malware and recovering the data is usually possible, which makes locker ransomware far less effective.
Cryptolocker Ransomware
CryptoLocker is a virulent form of ransomware responsible for several high-profile attacks. What set CryptoLocker apart from earlier ransomware was not an exotic cipher but the correct use of strong, standard cryptography: it combined AES for the file contents with 2048-bit RSA to protect the file keys. Other families have used other well-known algorithms such as Triple DES and Blowfish; the strength of any of them lies in sound implementation and key handling, not in how complicated the algorithm looks.
The earliest ransomware used primitive or home-made encryption, and researchers and law enforcement found efficient ways to recover files and clean infected systems and networks.
CryptoLocker and its variants do not rely on a custom algorithm; they use standard asymmetric cryptography (RSA) together with a symmetric cipher (AES), and a correct implementation of those is not practically crackable. The scheme is hybrid encryption with one RSA key pair per victim. The command-and-control server generates the pair and sends only the public key to the infected machine. The malware then generates a fresh AES key for each file, encrypts the file with it, encrypts (wraps) that AES key with the RSA public key, and discards the plaintext AES key. Because the private key never leaves the attacker's server, nothing left on the victim's machine can reverse the process; once the ransom is paid, the victim receives the private key (or a decryptor containing it) that unwraps the file keys.
Encryption has not become more exotic in recent years; rather, ransomware authors have learned to use mature, vetted algorithms correctly, and the cipher is rarely the weak point. What attackers tailor to each campaign is the machinery around it: how keys are generated and where they are stored, which file types and network shares are targeted, and how and when the ransom demand is delivered.
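As an added example (not code from the original article, and not CryptoLocker's own code), the Go program below models the hybrid key scheme described above using the standard library: a per-victim RSA-2048 key pair standing in for the command-and-control server, a fresh AES-256-GCM key per file on the victim side, and RSA-OAEP wrapping of that file key. The function names, the struct layout and the sample "document" are all assumptions made for this illustration; real CryptoLocker used its own file format and a 2048-bit RSA key, but the key-handling logic is the same.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedFile is what remains on the victim's disk after encryption.
// Nothing in it can be turned back into plaintext without the RSA private key.
type EncryptedFile struct {
	WrappedKey []byte // per-file AES-256 key, sealed with RSA-OAEP under the attacker's public key
	Nonce      []byte // AES-GCM nonce, unique per file
	Ciphertext []byte // file contents encrypted with AES-256-GCM
}

// GenerateAttackerKeyPair models the per-victim RSA-2048 key pair created on
// the command-and-control server. Only the public half is ever sent to the victim.
func GenerateAttackerKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EncryptFile is the victim-side step: draw a fresh AES key, encrypt the file with
// it, then wrap that key with the public key so only the private-key holder can unwrap it.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	// The plaintext AES key goes out of scope here; only the wrapped copy survives.
	return &EncryptedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// DecryptFile is what the decryptor handed to a paying victim does: unwrap the file
// key with the private key, then decrypt the file. With the wrong private key the
// OAEP unwrap fails and nothing is recovered.
func DecryptFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap file key: wrong private key")
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

func main() {
	// Constructed sample document; not real victim data.
	doc := []byte("Q3 budget spreadsheet (constructed sample)")
	priv, err := GenerateAttackerKeyPair()
	if err != nil {
		panic(err)
	}
	ef, err := EncryptFile(&priv.PublicKey, doc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext on disk starts with: %x\n", ef.Ciphertext[:8])

	// Same machine, same public key, but a different private key: stuck.
	stranger, _ := GenerateAttackerKeyPair()
	if _, err := DecryptFile(stranger, ef); err != nil {
		fmt.Println("without the attacker's private key:", err)
	}

	// With the private key (what the ransom buys, or what a seized C2 database yields):
	back, err := DecryptFile(priv, ef)
	if err != nil {
		panic(err)
	}
	fmt.Println("recovered:", string(back), "matches:", bytes.Equal(back, doc))
}
```

The design choice worth noticing is that the victim's machine only ever holds the public key and the wrapped file keys. Carving the AES key out of memory is only possible during the brief window before it is discarded, which is why recovery in practice has come from seized or leaked private keys rather than from breaking the cipher.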
In 2013, the most famous CryptoLocker campaign was run by the crew behind the Gameover Zeus botnet, led by a criminal known by the handle Slavik. The two-key technique described above was used. The malware was distributed by the Gameover Zeus botnet and by phishing emails disguised as delivery notices from UPS or FedEx. The original CryptoLocker went after Microsoft Office documents and other common data files, including those on mapped network drives, and gave victims three days to pay in Bitcoin. By the time the campaign was done, an estimated 600,000 machines had been infected, and roughly three percent of victims were believed to have paid. The botnet was disrupted by law enforcement in mid-2014 (Operation Tovar), and the seized private keys let security firms offer free decryption to many victims, a reminder that the cryptography held but the key store did not.
2016 was one of the most lucrative years for ransomware; the FBI estimated that $209 million was paid in the first three months alone. That same year, ransomware written in JavaScript (bundled with its own runtime so it could execute outside a browser) was discovered, opening the door to payloads that could target Linux and macOS as well as Windows. Other families took different approaches: Petya overwrote the master boot record and encrypted the NTFS master file table, making the entire drive inaccessible without touching individual files. KeRanger, also released in 2016, is believed to be the first fully functional ransomware targeting macOS.
To Pay or Not to Pay
With CryptoLocker, victims whose backups were missing or had been encrypted as well faced a tough decision after an attack: pay up or start over. It boils down to two questions: 1) is the data worth more than the ransom? 2) how confident can the victim be that the attackers will actually hand over the key once paid?
Early ransom demands were kept deliberately low: small enough that a business could afford to pay, and small enough that law enforcement would not bother to investigate. Predators then moved on to larger targets and bigger sums; in 2022 alone, ransom demands rose by nearly 70%.
Predators now go after conglomerates and government infrastructure around the world, and current extortion amounts are staggering. In the first five months of 2022 the average demand was $925,162, compared with an average of almost $300,000 in cases worked by law enforcement in 2020.
Predators have also become sophisticated in pricing their ransoms. CryptoWall, an offshoot of CryptoLocker, is designed to check in with its command-and-control server once it has infected a machine. The server looks up the infected machine's IP address in a geolocation database and returns a ransom price tuned to the victim's country, so the demand matches what a victim in that region is likely to be able to pay.
Defending Against Ransomware
Cybercriminals exploit weak points in computer systems and networks, most often an unwitting employee clicking a link or attachment in a phishing email. One of the most striking aspects of these attacks is how easy entry is: simple phishing and other email scams are often all it takes to get devastating malware onto a system.
Defending against ransomware requires employees who know what phishing looks like and who notice when something on their own machine is wrong. More companies have lived through a malware attack, and more of them are surviving it because of comprehensive employee training and tested recovery plans.
The primary defenses against ransomware remain the same:
- Constant employee training and awareness
- Strong password generation and multi-factor authentication (two-factor at minimum)
- Continuous anti-virus, anti-malware, and patching updates
- Adequate backups, kept offline or immutable and restore-tested; CryptoLocker encrypted files on every mapped network drive it could reach, so a backup that is simply another writable share is no backup at all
- A companywide zero-trust architecture, including least privilege on file shares so that one compromised workstation cannot encrypt everything
- Endpoint security
Final Word
Companies large and small now realize that cybercrime and the predators behind it are not going away. Cisco is one company that has taken up the mantle of malware detection and mitigation, not least because every networking product it builds, from routers to servers, is itself a target that can be attacked and disabled.
It is vital for Cisco, Microsoft, and other tech titans to make a difference.
Cisco is making a considerable effort to reduce ransomware exposure with products such as Umbrella, its DNS-layer security service, and other cyber-defense programs. Meanwhile, cyber predators continually upgrade their attack vectors and strategies, forming global groups capable of hobbling infrastructure.
It is imperative for any connected user to be aware that they may be attacked at any time, without having been singled out for any particular reason.