Cryptolocker has gained a new capability, the ability to spread over USB drives, thereby increasing its attack surface and adding to the worries of security researchers and security companies.
According to Trend Micro, the newly discovered Cryptolocker variant can spread via removable USB drives, something that other ransomware and Cryptolocker variants don’t do. This effectively means that this Cryptolocker can now be classified as a worm and not a Trojan.
As a Trojan, Cryptolocker only infected the system on which it was opened and executed. As a worm, however, the new Cryptolocker, once installed on a system, can replicate itself onto a USB drive and spread further. Researchers claim that the new ransomware variant is spreading through P2P sites, disguising itself as an activator for Adobe Photoshop and Microsoft Office products.
One surprising thing that the researchers noted was that the new Cryptolocker didn’t use a DGA (domain generation algorithm), but instead relied on hardcoded command & control centre details. This means that the creators of the ransomware may be different and that the malware is still evolving.
“The differences between this particular CRILOCK variant and the others have led some researchers to believe that this malware is the product of a copycat”, notes Trend Micro.
For those who are not aware of Cryptolocker and its capabilities, it is malware that locks up your files by encrypting them and demands a ransom, usually in BTC. If the malware is removed, the files remain locked, as the only way to get them back is to obtain the decryption key by paying the malware creators, or to format the system and restore from the latest backup.