Police shut down more Cryptolocker servers, new infections drop

Police shut down more Cryptolocker servers, new infections drop
Over the past couple of days, law enforcement has taken further action against the Cryptolocker ransomware.

Europol's European Cyber Crime Centre (EC3) has discovered and shutdown more command & control servers related to the Cryptolocker ransomware in the past couple of days. On Monday, it was announced that a U.S.-led international effort against Cryptolocker and the GOZeuS botnet had significantly disrupted their operations, saving potential victims millions.



Cryptolocker is a nasty piece of work that encrypts personal files on a victim's PC and will not decrypt them until a ransom is paid, typically 1 bitcoin which could cost you around $600. The malware will even destroy files if the user does not pay up on time. It is estimated to have cost consumers and businesses over $30 million since last summer.

The ransomware was often delivered to a victim's PC through the Gameover ZeuS botnet, but it also spread through malicious e-mails.

The effect of the GOZeuS and Cryptolocker take-down

According to Danish security firm Heimdal Security, which was named by the FBI as an important collaborator against Cryptolocker, the number of estimated new infections per day of Cryptolocker has fallen from around 8,000 to close to zero. Of course, it cannot be absolutely sure of the figures but the infection rate has certainly plummeted.

Law enforcement has warned Internet users that they have a roughly two week window to clean-up GOZeuS and Cryptolocker infections before cybercriminals may be able to wrestle back some control. You can find instructions to detect and remove GOZeuS right here.

In future, a debate may arise about the role of Internet Service Providers in disrupting botnets, with one researcher already saying ISPs need to start quarantining infected computers now until they are cleaned up.

It is not just Windows PCs that are vulnerable to attacks like this either. Just today, ESET published an analysis of the first ransomware for Android phones and tablets that encrypts users' personal files and won't decrypt them unless a ransom fee is paid.



The U.S. has identified, charged and is pursuing a 30-year old Russian man it alleges to have been the top administrator of GOZeuS and Cryptolocker.

Written by: James Delahunty @ 5 Jun 2014 0:15
Tags
Zeus Cryptolocker Europol Heimdal Security
Advertisement - News comments available below the ad
  • 6 comments
  • kutulu1

    If anyone paid this ransom, they are stupid; easier and cheaper to swap out the HDD and reinstall the OS. Reinstalling the OS is also cleaner; don't have to worry about residual viral artifacts that might be lingering.

    6.6.2014 11:07 #1

  • gnovak1

    That's what I would have done. I guess people who aren't techies look at paying as the only way out.

    I wouldn't give those crooks a dime !!!

    6.6.2014 12:58 #2

  • triggz88

    Yeh why pay to get for example a novel you wrote or source code for software or anything else on your computer of any value, just delete all that shit and reinstall windows noobs! /sarcasm

    6.6.2014 19:18 #3

  • DOS_equis

    IS it really that easy to get rid of this infection? Do a simple file transfer to another drive and wipe the infected drive out? I would think that they would have it where you can't do a file dump to protect your files or they would already be encrypted so you can't move them.

    6.6.2014 21:11 #4

  • Dr_Shifty

    Originally posted by DOS_equis: IS it really that easy to get rid of this infection? Do a simple file transfer to another drive and wipe the infected drive out? I would think that they would have it where you can't do a file dump to protect your files or they would already be encrypted so you can't move them.
    Cyptolocker encrypts every file on any drive that is visible to the computer - not only the main HDD but also any USB drives that have a drive letter. It can't encrypt drives that are on a network unless they are configured as a drive letter on the infected computer.

    So even if you dump the whole system to another drive, it is already too late by the time you get the ransom demand.

    7.6.2014 06:38 #5

  • DOS_equis

    Originally posted by Dr_Shifty: Originally posted by DOS_equis: IS it really that easy to get rid of this infection? Do a simple file transfer to another drive and wipe the infected drive out? I would think that they would have it where you cant do a file dump to protect your files or they would already be encrypted so you cant move them.
    Cyptolocker encrypts every file on any drive that is visible to the computer - not only the main HDD but also any USB drives that have a drive letter. It cant encrypt drives that are on a network unless they are configured as a drive letter on the infected computer.

    So even if you dump the whole system to another drive, it is already too late by the time you get the ransom demand.
    OK thanks for the info. Some of the other comments made it seem like you could copy the files over to save them.

    7.6.2014 21:44 #6

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud