

CryptoLocker became one of the most profitable ransomware strains of its time, infecting more than 250,000 systems and earning more than $3 million within just four months. It was a new kind of ransomware that restricted access to infected computers and demanded that victims pay the attackers in order to decrypt and recover their files. CryptoLocker used third-party certified cryptography offered by Microsoft's CryptoAPI, which made it that much harder to combat because the cryptographic implementation was sound.

How it works

CryptoLocker spread through fake emails designed to imitate legitimate businesses and through fake FedEx and UPS tracking notices. According to a Cybersecurity and Infrastructure Security Agency (CISA) alert, some victims saw the malware appear following a previous infection by one of several botnets frequently used in the cyber-criminal underground. Once one networked computer was infected, it was easy to find and encrypt files located on shared network devices, such as USB drives, external hard drives, network file shares and cloud storage drives.

The encryption used by this ransomware was asymmetric, meaning it used two different keys for encrypting and decrypting files. After the initial infection, the malware connected to the attackers' command and control server to leave the private encryption key there. Supposedly, when the victim paid the ransom, they would then be given the private key so they could unlock their encrypted files. This scheme is more secure from the attacker's point of view because it relies on two keys: one public, the other known only to the attacker.
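The article notes that once a single host was infected, files on every reachable share were encrypted in bulk. A common defensive control for exactly that behaviour is a canary-file check: a baseline of file hashes is recorded for a share, including a decoy file that no user should ever edit, and an alert fires when the decoy changes or a large fraction of files change at once. The following is an added illustration of that check, not code from the article or from any product it mentions; the share layout, file names, canary name and 50% threshold are all assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed name for the decoy file; real deployments pick something that sorts
# early in a directory listing so bulk encryptors hit it first.
CANARY_NAME = "~$_do_not_touch_canary.docx"


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large share files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(share: Path) -> dict:
    """Record the hash of every regular file currently on the share."""
    return {
        str(p.relative_to(share)): sha256_file(p)
        for p in sorted(share.rglob("*"))
        if p.is_file()
    }


def check_share(share: Path, base: dict) -> dict:
    """Compare the share against a saved baseline.

    Returns the changed, missing and new files plus a flag telling whether
    the canary file itself was modified or removed.
    """
    current = baseline(share)
    changed = sorted(k for k in base if k in current and current[k] != base[k])
    missing = sorted(k for k in base if k not in current)
    new = sorted(k for k in current if k not in base)
    canary_hit = any(CANARY_NAME in k for k in changed + missing)
    return {"changed": changed, "missing": missing, "new": new, "canary_hit": canary_hit}


def alert(report: dict, base_size: int, ratio: float = 0.5) -> bool:
    """Raise an alert if the canary was touched or too many files changed at once.

    The 50% ratio is an assumed tuning value; ordinary user activity rarely
    rewrites half of a share between two checks, bulk encryption does.
    """
    touched = len(report["changed"]) + len(report["missing"])
    mass_change = base_size > 0 and touched / base_size >= ratio
    return bool(report["canary_hit"] or mass_change)


def demo() -> dict:
    """Build a constructed share, baseline it, tamper with every file, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp)
        # Constructed documents standing in for files on a network share.
        for i in range(4):
            (share / f"report_{i}.docx").write_bytes(f"quarterly report {i}".encode())
        (share / CANARY_NAME).write_bytes(b"canary: never edited by users")
        base = baseline(share)

        # Constructed tampering: every file's contents are replaced, which is
        # what a bulk encryptor does to a share. The bytes are arbitrary filler,
        # not ciphertext.
        for p in share.iterdir():
            p.write_bytes(b"\xde\xad" * 16)

        report = check_share(share, base)
        report["alert"] = alert(report, len(base))
        return report


if __name__ == "__main__":
    result = demo()
    print("canary hit:", result["canary_hit"])
    print("files changed:", len(result["changed"]))
    print("ALERT" if result["alert"] else "ok")
```

In practice the baseline would be stored off the share (otherwise it is encrypted along with everything else) and the check scheduled every few minutes; the canary flag is the low-noise signal, while the mass-change ratio catches strains that skip decoy-looking files.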
