According to reports from ABC Australia (http://www.abc.net.au/news/2015-05-11/new-computer-ransomware-encrypts-files-asks-for-up-to-1000/6461606) a new crypto ransomware threat is circling Australian’s email inboxes.
You probably remember the Cryptolocker Trojan, as it is one of the scariest bits of malware we’ve seen in a while. Cryptolocker is ransomware that restricts access to a victim’s files until the victim makes a payment to the criminal. Once the payment is made, the criminal may or may not release access to the files. Read more about Cryptolocker in this blog post, http://blog.barracuda.com/2014/01/09/are-you-prepared-for-cryptolocker/
This latest version of Cryptolocker takes on the branding of the late, great, popular tv show, Breaking Bad. It uses the “Los Pollos Amigos” name, which is the restaurant that provided money laundering and was the base for other functions on the show.
The ransomware also links to a video that shows victims how to use bitcoin, which was likely included to help the victims pay the ransom. Researchers believe that the ransomware is spread via email, and downloaded through an infected zip attachment. Barracuda Email Security Service and Barracuda Spam Firewall customers are protected from these types of emails.
Ransomware a is particularly sinister attack, because it forces you to interact with the criminals in order to get access to your data. This particular version even includes the phrase “the one who knocks” in the email address, which is just insult added to injury for those who are familiar with Breaking Bad.
Most of you reading this blog are IT pros, so you already know how to deal with malware, and you’ve probably already heard of Cryptolocker. This Breaking Bad version gives you a good opportunity to revisit your Cryptolocker defense plan, including security software, your backups, and the overall state of your network. Are your users protected from malware, and ransomware in particular? Is there anything more you can do?
If you are battling a budget crunch and you need help selling the decision makers on solutions, consider adding Cryptolocker to your talking points:
- Even police departments and governments are paying the ransom
- Untraceable bitcoins are required for payment, meaning effective legal action and loss recovery are very unlikely
- There is a $100 make-your-own-Cryptolocker kit, opening the ransomware market to pretty much anyone. The Malware Must Die blog has an extensive and updated post on this here – http://malwaremustdie.blogspot.in/2014/01/threat-intelligence-new-locker-prison.html
- Cryptolocker designers are modifying their business model to remain an effective an active threat.
Additionally, consider adding the following Cryptolocker defense kit:
- User education on spam and phishing attacks
- Regular monitoring of the types of traffic on your network
- Regular backups that are kept off-site
- Proactive patch management
- Good antivirus software that can provide real-time scanning
We reported on another version of Cryptolocker a few months ago, here. https://barracudalabs.com/2014/12/new-cryptolocker-spear-phishing-campaign-looks-to-be-the-grinch-that-stole-christmas-in-australia/
Cryptolocker isn’t going away anytime soon. Secure your threat vectors, protect your data, and follow best practices, to ensure that you are not a victim.