CryptoLocker ransomware has infected 250,000 computers - Dell SecureWorks

By Danny Palmer
19 Dec 2013

CryptoLocker Ransomware has already infected 200,000 to 250,000 computers in just the first one hundred days of its campaign.

That's according to Dell SecureWorks Counter Threat Unit (CTU), which has been measuring infection rates of the malware, which is believed to be produced by a criminal gang based in Eastern Europe or Russia.

The Trojan virus is particularly dangerous because there's currently no antivirus software that can cure or protect against it. Rather than just hijacking the screen with a demand for payment like many Trojan infections - which can be worked around by rebooting the system or using antivirus - CryptoLocker Ransomware encrypts the whole computer.

That means in many cases the unfortunate victim has no other option than to pay the $300 ransom to the criminal gang in order to regain access to the computer. The majority of victims have been enterprise users in the United Kingdom and the United States, with some others located in Australia, Canada and India.

"Early versions of CryptoLocker were distributed through spam emails targeting business professionals," said Dell SecureWorks CTU senior security researcher Keith Jarvis, writing in a blog post.

"The lure was often a "consumer complaint" against the email recipient or their organization. Attached to these emails was a ZIP archive with a random alphabetical filename containing 13 to 17 characters. Only the first character of the filename is capitalized. The archive contained a single executable with the same filename as the ZIP archive but with an EXE extension," he explained.
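The attachment pattern described for the early spam runs can be written as a mail-gateway heuristic. The Python check below is an added example, not code from Dell SecureWorks or the original article; the function names and sample filenames are constructed for illustration.

```python
import io
import re
import zipfile

# Stem pattern from the description: 13 to 17 letters, only the first capitalized.
STEM_RE = re.compile(r"[A-Z][a-z]{12,16}")


def matches_lure(attachment_name: str, data: bytes) -> bool:
    """Return True if a ZIP attachment fits the naming pattern described above."""
    stem, dot, ext = attachment_name.rpartition(".")
    if not dot or ext.lower() != "zip" or not STEM_RE.fullmatch(stem):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [i for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return False  # not a readable ZIP; leave it to other filters
    if len(members) != 1:
        return False  # the description says the archive held a single executable
    inner_stem, dot, inner_ext = members[0].filename.rpartition(".")
    return bool(dot) and inner_ext.lower() == "exe" and inner_stem == stem


def build_zip(member_names):
    """Build an in-memory ZIP with harmless placeholder contents (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in member_names:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()


# Constructed samples, not real indicators.
SAMPLES = [
    ("Qwertyuiopasdfg.zip", build_zip(["Qwertyuiopasdfg.exe"])),  # 15 letters, one EXE
    ("Invoice_2013.zip", build_zip(["Invoice_2013.pdf"])),        # name has digits
    ("Qwertyuiopasdfg.zip", build_zip(["readme.txt", "Qwertyuiopasdfg.exe"])),
    ("Shortname.zip", build_zip(["Shortname.exe"])),              # only 9 letters
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, matches_lure(name, data))
```

A match is a reason to quarantine the message for review, not proof of infection, since the pattern covers only the early spam campaign described here.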

The gang behind CryptoLocker Ransomware tend to target victims in the United States because law enforcement co-operation between Russia and the West is often complicated, giving cyber criminals the feeling that they can successfully get away with pulling off the scam.

The most common victims of the crime are those at financial institutions, but Dell says there's no reason to suspect criminals are specifically targeting them, and they're even moving on to home computers.

"CryptoLocker is neither the first ransomware nor the first destructive malware to wreak havoc on infected systems," said Jarvis.

"However, the malware authors appear to have made sound design decisions that complicate efforts to mitigate this threat and have demonstrated a capable distribution system based on the Cutwail and Gameover Zeus botnets," he continued.

"Evidence collected by CTU researchers confirms the threat actors have previous experience in malware development and distribution, especially of ransomware.

"Based on the duration and scale of attacks, they also appear to have the established and substantial "real world" infrastructure necessary to "cash out" ransoms and launder the proceeds," Jarvis concluded.
