In the last couple of days, IT security solutions vendor ESET has been observing a surge in a new type of cyber-attack. Dubbed CTB-Locker, it is a new variant of the ransomware family and is affecting organizations within the GCC, and in particular the UAE, with ESET having recorded multiple incidents in a short period of time. The ransomware encrypts and locks users’ data until a ransom of 8 Bitcoins, equivalent at present to $1680, is paid to the attackers.
CryptoLocker was a ransomware trojan that targeted computers running Microsoft Windows and was first observed by Dell SecureWorks in September 2013. CryptoLocker propagated via infected email attachments and via an existing botnet (source: Wikipedia).
Commenting on the way in which the malware spreads, Mohamed Djenane, Security Specialist, ESET Middle East said, “It starts with a simple email. Organizations in the UAE are getting targeted email, mainly having a subject containing the word ‘fax’. This email contains an attachment infected with a trojan downloader.” Once opened by an unsuspecting victim, the trojan downloader connects to the internet and downloads the main CTB-Locker malware. On execution, CTB-Locker encrypts specific file formats on the infected device, locks the user’s screen and displays a ransom message.
The new ransomware, which was identified by ESET researchers, has been observed all over the world, with the highest density in Europe and Latin America. There is a strong similarity between CTB-Locker and CryptoLocker, an infamous piece of ransomware that has been making the rounds in the cyber community since September 2013. While both operate in the same manner in terms of encrypting the victim’s machine, CTB-Locker uses a different type of encryption algorithm.
ESET offered the following advice to users and organizations to eliminate or at least reduce the impact of the new CTB-Locker attack:
1. Have a data backup mechanism in place, whether it is done manually or by implementing a backup solution. This eliminates the need to pay anything, since you already have a backup copy of your data.
2. Keep your operating system and antivirus solution up to date.
3. Never open email attachments if you are not 100% sure about the identity of the sender.
4. Provide employees with extensive security awareness and cyber education in line with best security practices.
5. Report any suspicious activity to the IT team early.
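As an added example (not ESET's code, nor part of the original release), the following Python script shows how a mail gateway or helpdesk could triage incoming messages for the lure described above: a subject mentioning "fax" combined with an attachment of a type commonly used to deliver a trojan downloader. The sample messages, sender addresses and the list of risky attachment suffixes are constructed assumptions for the demonstration.

```python
# Added example (not ESET's code): triage of the "fax" email lure described
# in the article. Sample messages and the suffix list below are constructed.
import email
from email import policy
from email.message import EmailMessage

# Attachment types a downloader is typically delivered as (assumption);
# a real gateway would also inspect the contents of archives.
RISKY_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".cab", ".zip", ".js", ".vbs")


def triage(raw: bytes) -> dict:
    """Return a triage verdict for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    attachments = [part.get_filename() or "" for part in msg.iter_attachments()]
    risky = [a for a in attachments if a.lower().endswith(RISKY_SUFFIXES)]
    lure = "fax" in subject.lower()
    # Lure subject plus a risky attachment: hold the message. A risky
    # attachment alone still deserves a look; otherwise deliver normally.
    if lure and risky:
        verdict = "quarantine"
    elif risky:
        verdict = "review"
    else:
        verdict = "deliver"
    return {"subject": subject, "lure_subject": lure,
            "risky_attachments": risky, "verdict": verdict}


def build_sample(subject: str, filename: str = "") -> bytes:
    """Construct a synthetic message for the demo (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content("Please find the document attached.")
    if filename:
        msg.add_attachment(b"\x00placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed samples: the lure, a benign report, and an executable without the lure subject.
SAMPLES = {
    "lure": build_sample("Incoming Fax Report: #23512", "fax_23512.scr"),
    "benign": build_sample("Monthly report", "report.pdf"),
    "exe_only": build_sample("Invoice", "invoice.exe"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw)["verdict"])
```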