Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
Flaw Discovered in Latest PC-Infecting Ransomware
It has been discovered that CryptoDefense, the latest ransomware targeting PC systems in the UK, has a rather large flaw in its makeup – poor coding.
Since the strain of malware was first detected back in February, more than 11,000 infections have been recorded, with security experts estimating that its creators are making up to $38,000 a month in Bitcoin. However, while victims are asked to pay up before being given a key to decrypt their data, it seems that the coders have made the basic mistake of leaving the decryption key stored unencrypted on the hard disk of the infected PC.
Symantec, which was first to uncover the coding error, explained:
As advertised by the malware authors in the ransom demand, the files were encrypted with an RSA-2048 key generated on the victim’s computer. This was done using Microsoft’s own cryptographic infrastructure and Windows APIs to perform the key generation before sending it back in plain text to the attacker’s server. However, using this method means that the decryption key the attackers are holding for ransom actually still remains on the infected computer after transmission to the attacker's server.
Before handing over any money, victims are being urged to check in the Application Data > Application Data > Microsoft > Crypto > RSA folder of their PCs for the private key, noted The Register.
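To carry out the check described above, here is an added example that is not from the article, The Register or Symantec: a PowerShell script that lists the CryptoAPI key containers in the current user's RSA folder (%APPDATA% resolves to the "Application Data" folder named above on XP, or AppData\Roaming on later Windows), flags any created within an assumed infection window, and copies them to a backup folder before any cleanup. The window dates and backup path are assumptions to adjust.

```powershell
# Added example, not the article's or Symantec's code. Enumerates the RSA key
# containers that Windows CryptoAPI persisted for the current user, flags those
# created inside an assumed infection window, and backs them up so a cleanup
# does not destroy a key that may decrypt the files.
param(
    [datetime]$WindowStart = (Get-Date).AddDays(-30),   # assumed infection window
    [datetime]$WindowEnd   = Get-Date,
    [string]$BackupDir     = "$env:USERPROFILE\Desktop\rsa-key-backup"  # assumed location
)

# Per-user CryptoAPI key containers live under %APPDATA%\Microsoft\Crypto\RSA\<user SID>.
$rsaRoot = Join-Path $env:APPDATA 'Microsoft\Crypto\RSA'
if (-not (Test-Path $rsaRoot)) {
    Write-Warning "No CryptoAPI RSA folder found at $rsaRoot"
    return
}

# -Force includes hidden entries; the SID subfolder is often hidden.
$containers = Get-ChildItem -Path $rsaRoot -Recurse -File -Force |
    Select-Object FullName, Length, CreationTime, LastWriteTime

if (-not $containers) {
    Write-Host "No key containers present under $rsaRoot"
    return
}

Write-Host "Key containers found (oldest first):"
$containers | Sort-Object CreationTime | Format-Table -AutoSize

# Containers created during the window are the candidates worth preserving.
$suspect = @($containers | Where-Object {
    $_.CreationTime -ge $WindowStart -and $_.CreationTime -le $WindowEnd
})

if ($suspect.Count -gt 0) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($c in $suspect) {
        Copy-Item -Path $c.FullName -Destination $BackupDir -Force
        Write-Host "Backed up container created $($c.CreationTime): $($c.FullName)"
    }
    Write-Host "Copied $($suspect.Count) container(s) to $BackupDir; move this copy off the machine."
} else {
    Write-Host "No containers created between $WindowStart and $WindowEnd."
}
```

Run it from the infected user's account, since the folder is per user; keys generated by the malware under another account or as SYSTEM would sit elsewhere.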
A Worrying Trend
While the discovery of the flaw is great news for anyone currently infected by CryptoDefense, it has come too late for those who have already handed over money to the cybercriminals. The poor coding has also slightly overshadowed a worrying trend that has grown off the back of the highly successful and lucrative CryptoLocker – malware that has pulled in millions across the world and continues to cause problems for PC owners.
Ransomware is currently the malware of choice for cybercriminals, and spam programmes are receiving massive investment. CryptoDefense may have failed, but not without duping thousands of people and earning hundreds of thousands of pounds in the process. The ransomware that follows it is unlikely to be so lax in its coding.
In order to safeguard against this growing threat, we recommend that you counter ransomware by installing Cloud Web Security and using Cloud Online Backup to backup and protect your files and folders. ITWiser’s security software is designed to eliminate malicious content at cloud level and will ensure your money does not end up in the hands of cybercriminals.