A security company has revealed that Cryptolocker may have infected anywhere between 200,000 and 250,000 systems and could have collected over $980,000 in Bitcoin.
Dell SecureWorks’ Counter Threat Unit (CTU) research team has examined the infection rates of Cryptolocker and claims that the malware was developed by either Russian or Eastern European cybercriminals. The CTU pegs the earliest infections at September 5 this year in the US; however, the method used to distribute the initial set of malware is still not clear.
Unlike other ransomware and malware, which can be cleaned using desktop-based antivirus and antimalware software, Cryptolocker can’t be cleaned; and if a user does try to weed out the malware, there is no way to recover the encrypted files, as the decryption key is held on one of the Cryptolocker C&C servers and is only released if the user pays the demanded ransom.
“Instead of using a custom cryptographic implementation like many other malware families, CryptoLocker uses strong third-party certified cryptography offered by Microsoft’s CryptoAPI”, notes Dell SecureWorks in a blog post.
“By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent. The malware uses the ‘Microsoft Enhanced RSA and AES Cryptographic Provider’ (MS_ENH_RSA_AES_PROV) to create keys and to encrypt data with the RSA (CALG_RSA_KEYX) and AES (CALG_AES_256) algorithms.”
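The provider and algorithm identifiers named in the CTU quote above are what a defender can key on when triaging sandbox output. The following is an added example, not SecureWorks’ code or anything from the malware: it runs a simple heuristic over a constructed API-call trace, flagging a process that opens MS_ENH_RSA_AES_PROV, handles both a CALG_RSA_KEYX key and a CALG_AES_256 key, and then writes to several distinct files. The trace layout, the `algid` field and the file-count threshold are assumptions.

```python
"""Triage heuristic over a sandbox API-call trace for the CryptoAPI usage pattern quoted
above. Added example, not SecureWorks' code; trace format and threshold are assumptions."""
from collections import defaultdict

PROVIDER = "MS_ENH_RSA_AES_PROV"
CALG_RSA_KEYX = 0xA400   # real CryptoAPI ALG_ID values
CALG_AES_256 = 0x6610

# Constructed trace, one call per line: "<pid> <api> key=value ...". "algid" is assumed
# to be the ALG_ID the sandbox recorded from the call or from the key blob header.
TRACE = r"""
1001 CryptAcquireContext prov=MS_ENH_RSA_AES_PROV
1001 CryptImportKey algid=0xa400
1001 CryptGenKey algid=0x6610
1001 CryptExportKey algid=0x6610 blob=SIMPLEBLOB
1001 CryptEncrypt
1001 WriteFile path=C:\Users\a\Documents\report.docx
1001 WriteFile path=C:\Users\a\Documents\budget.xlsx
1001 WriteFile path=C:\Users\a\Pictures\holiday.jpg
2002 CryptAcquireContext prov=MS_ENH_RSA_AES_PROV
2002 CryptGenKey algid=0x6610
2002 CryptEncrypt
2002 WriteFile path=C:\Users\a\AppData\Local\app\settings.dat
"""

def parse_trace(text):
    """Return a list of (pid, api, args) tuples."""
    events = []
    for line in text.strip().splitlines():
        pid, api, *kvs = line.split()
        events.append((int(pid), api, dict(kv.split("=", 1) for kv in kvs)))
    return events

def flag_hybrid_encryptors(events, min_files=3):
    """Flag processes that open the named provider, handle both an RSA key-exchange key
    and an AES-256 key, and then write to at least min_files distinct files.
    Returns {pid: distinct_file_count}. Backup or sync tools can match too, so a hit
    is a lead for review, not a verdict."""
    state = defaultdict(lambda: {"prov": False, "algs": set(), "files": set()})
    for pid, api, args in events:
        s = state[pid]
        if api == "CryptAcquireContext" and args.get("prov") == PROVIDER:
            s["prov"] = True
        elif api in ("CryptGenKey", "CryptImportKey", "CryptExportKey") and "algid" in args:
            s["algs"].add(int(args["algid"], 16))
        elif api == "WriteFile" and s["prov"]:
            s["files"].add(args.get("path", ""))
    return {pid: len(s["files"]) for pid, s in state.items()
            if s["prov"] and {CALG_RSA_KEYX, CALG_AES_256} <= s["algs"]
            and len(s["files"]) >= min_files}
```

Process 2002 uses the same provider and AES-256 but never touches an RSA key-exchange key, so it is not flagged; the hybrid RSA-plus-AES pattern is the discriminator here.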
The security company claims that the perpetrators behind Cryptolocker managed to infect as many as 250,000 systems within the first 100 days and could have collected as much as $980,000 in ransom.