
Offline Ransomware Targets Russian Users

Researchers at eScan have detected and analyzed a new ransomware sample, detected as ‘Trojan.Cryptolocker.AT’, that targets Windows users in Russia and needs no interaction with a command-and-control (C&C) server at all.

How does it work?
The malware enters the system through an exploit kit. Once on the victim’s computer it encrypts files whose extensions belong to MS Word documents, image formats such as *.jpeg, audio formats such as *.mp3 and many more. It then replaces the desktop wallpaper with a message written in Russian that informs the victim that their files have been encrypted and can only be decrypted if they send one of the encrypted files to the e-mail address given in the message within a week. On top of that, the criminals demand a ransom of between $300 and $400 for the decryption tool.

How is it different from other ransomware?
Unlike ransomware such as CrypVault, which needs an internet connection to download its payload from a C&C server, this sample never talks to a C&C server: no key is exchanged between victim and criminal while the files are being encrypted, and the only contact is the e-mail the victim is told to send afterwards. That makes it difficult to identify the threat from the network traffic between victim and attacker, so the signal has to come from what happens on the host itself.
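Since there is no C&C traffic to alert on, the host-side symptom is the one worth watching: a single process rewriting many documents, images and audio files within seconds. The script below is an added example of that heuristic (it is not eScan’s detection logic). It assumes a feed of file-change records that carry a timestamp, a path and the name of the writing process; the extension list, the 30-second window and the threshold of 20 files are assumptions to tune for your environment, and the sample events are constructed.

```powershell
# Added example: burst detector for offline ransomware, grouped per process.
# Not eScan's code. Extensions, window and threshold are assumptions.

# Extensions the article says the sample targets (Word documents, *.jpeg, *.mp3)
# plus their common neighbours; extend this list for your environment.
$TargetedExtensions = @('.doc', '.docx', '.jpeg', '.jpg', '.mp3')

function Find-EncryptionBurst {
    param(
        # Objects with Time (DateTime), Path (string) and Process (string)
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $WindowSeconds = 30,
        [int] $Threshold = 20
    )
    # Keep only writes to the targeted extensions, in time order.
    $hits = @($Events |
        Where-Object { $TargetedExtensions -contains [IO.Path]::GetExtension($_.Path).ToLower() } |
        Sort-Object Time)

    $alerts = @()
    foreach ($group in ($hits | Group-Object -Property Process)) {
        $times = @($group.Group | ForEach-Object { $_.Time })
        $start = 0
        # Sliding window: count targeted files this process touched within $WindowSeconds.
        for ($end = 0; $end -lt $times.Count; $end++) {
            while (($times[$end] - $times[$start]).TotalSeconds -gt $WindowSeconds) { $start++ }
            if (($end - $start + 1) -ge $Threshold) {
                $alerts += [pscustomobject]@{
                    Process = $group.Name
                    Count   = $end - $start + 1
                    From    = $times[$start]
                    To      = $times[$end]
                }
                break   # one alert per process is enough
            }
        }
    }
    return $alerts
}

# Constructed sample: Word saving three reports over three minutes (benign)
# and an unknown process rewriting 25 photos in ten seconds (burst).
$t0 = Get-Date '2015-04-01 10:00:00'
$sample = @()
foreach ($i in 1..3) {
    $sample += [pscustomobject]@{ Time = $t0.AddMinutes($i); Path = "C:\Users\ivan\Documents\report$i.docx"; Process = 'WINWORD.EXE' }
}
foreach ($i in 1..25) {
    $sample += [pscustomobject]@{ Time = $t0.AddMilliseconds(400 * $i); Path = "C:\Users\ivan\Pictures\photo$i.jpeg"; Process = 'unknown.exe' }
}

# Expected: one row for unknown.exe, none for WINWORD.EXE
Find-EncryptionBurst -Events $sample -WindowSeconds 30 -Threshold 20 | Format-Table -AutoSize
```

A plain FileSystemWatcher gives you paths and timestamps but not the writing process, so for the per-process grouping feed the function from an audit source that records it, for example Security event ID 4663 with object-access auditing enabled on the user profile, or Sysmon event ID 11 (FileCreate), mapping the process and object fields onto the Process and Path properties above.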

Tips to safeguard yourself from malware:

  • Use trustworthy antivirus software (eScan) and keep it running; it will protect your system from malware.
  • Configure your antivirus to update itself automatically.
  • Disable AutoPlay for USB and optical drives (pen drives, external hard disks, CD/DVD) and for network locations, so that files are never launched automatically from removable or network drives.
  • Set your firewall to a default-deny configuration: block all incoming connections and allow only the services you explicitly want to offer to the outside world.
  • Turn off file sharing if it is not needed.
  • Implement a three-part security policy in your organization: first understand your requirements and prepare an IT security policy accordingly; second, educate your staff about the policy; finally, enforce it.
  • Either deploy MailScan at the gateway or enable Mail Anti-Virus on the endpoint in order to block attachments with extensions such as *.EXE, *.SCR, *.JS and *.VBE; such attachments can infect your system.
  • Open e-mails and their attachments only if you are certain of the source.
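Three of the tips above (default-deny firewall, file sharing off, AutoPlay off) can be applied on a Windows host in one administrative PowerShell session. The script below is an added example, not an eScan tool, and it does not cover the MailScan or Mail Anti-Virus settings; it uses the built-in NetSecurity cmdlets and the standard Explorer policy key, and should be run as Administrator.

```powershell
# Added example: apply three of the hardening tips on a Windows host.
# Not eScan's code; covers firewall, file sharing and AutoPlay only.
#Requires -RunAsAdministrator

# 1. Firewall: every profile enabled, default inbound = Block, outbound = Allow.
#    The weak setting this replaces is DefaultInboundAction = Allow (or the
#    firewall switched off) on any profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. File sharing: disable the inbound File and Printer Sharing rules unless
#    this machine genuinely serves files to others.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
    Disable-NetFirewallRule

# 3. AutoPlay/AutoRun: NoDriveTypeAutoRun = 0xFF turns it off for every drive
#    type (removable, fixed, network, CD/DVD). The machine-wide policy key
#    overrides per-user preferences.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
Set-ItemProperty -Path $policy -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord

# Verification: expect Enabled = True and DefaultInboundAction = Block on all
# three profiles, and NoDriveTypeAutoRun = 255.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
Get-ItemProperty -Path $policy -Name 'NoDriveTypeAutoRun' | Select-Object NoDriveTypeAutoRun
```

In a domain, put the same three settings in Group Policy (Windows Firewall with Advanced Security and the “Turn off AutoPlay” policy under Administrative Templates) rather than scripting each host, so that they are re-applied if a user or another installer changes them.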