CTB-Locker is a well-known ransomware Trojan used by crimeware groups to encrypt files on victims' endpoints and demand a ransom payment to decrypt the files back to their original state. In short, it encrypts files stored on your computer and then demands a ransom in Bitcoin in exchange for their release. ESET's lab recently noticed increased activity of this threat worldwide and provides a solution.
ESET detects CTB-Locker as Win32/FileCoder.DA. ESET's experts explain that infection takes place via an email carrying an attachment that poses as a document. This document actually contains a Trojan, Win32/TrojanDownloader.Elenoocka.A, which in turn downloads the CTB-Locker malware.
How to Protect Your Files from CTB-Locker, Which Encrypts Files and Demands Ransom
When the software is started, individual files (MS Word documents, photos, videos, etc.) on the victim's computer are encrypted. A message then starts popping up stating that the only chance to regain access to the files is to pay a ransom of 8 bitcoins (the equivalent of approx. 6,000 thousand).
"Both threats, CTB-Locker and Cryptolocker, encrypt files on the victim machine, but differ in the encryption algorithm used. It is worth paying attention to the effects this infection can bring – both home users and large companies, if they have not created a backup of their files, may be forced to pay thousands of dollars to recover their data," says Kamil Sadkowski, threat analyst at ESET.
So how do you protect yourself from CTB-Locker and other ransomware threats? Only through prevention. Bartholomew Noose, Team Leader at ESET, has prepared five points that can help you with this:
- Create a backup of your files – encrypted files cannot be decrypted without knowledge of the secret key, which is why it is important to keep copies of your files.
- Update your software – with regular updates you can be sure that all known vulnerabilities have been patched, which significantly improves security.
- Be alert when using the network – a suspicious page, a sudden change in the content of a website, or a request for additional data when logging on to a site should arouse your attention.
- Update anti-virus software to the latest version – with a new version of the program, threats are detected and blocked more effectively. Do not forget to update the signature database and the program components provided by the manufacturer. You should also check that the antivirus configuration contains no scanning exclusions, in particular for email, through which CTB-Locker spreads. It is also important that scanning of all files and their extensions is enabled, as it was by default.
- Be careful – do not open attachments from unknown sources. In the case of messages pretending to be an invoice, verify the account number that is specified in the message body. Each customer of a company always has their own individual account number, and the one in a phishing email will be different from it.
Source: ESET, VirusResearch