New spam pushing CTB Locker ransomware
Posted by: Timothy Weaver on 05/04/2015 08:38 AM
According to researchers at the SANS Institute, a new spam campaign is pushing the CTB-Locker ransomware.
Also known as Critroni, it encrypts hard drives and demands a ransom paid in Bitcoin.
Last month we reported on the ransomware affecting the Tewksbury, Mass., police department, which paid the ransom in order to get its files back.
The subject line of each email is similar, warning that a particular account number has been temporarily locked. The email message warns the user that unauthorized login attempts have been detected from several IP addresses, and is signed with a number of international contacts in the signature block. The malicious attachments are .zip files.
Within minutes, a familiar warning banner appears on the computer screen, stating that personal files on the machine have been encrypted by CTB-Locker and that the victim has 96 hours to submit payment and receive the encryption key; otherwise, the files will be unrecoverable.
Most CTB-Locker malware is distributed through spam messages.
Source: Threatpost
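The three email traits described above (a locked-account subject line, a warning about unauthorized login attempts, and a .zip attachment) can be combined into a mail-triage check. The following is an added example, not code from SANS or Threatpost; the regular expressions are assumed wording, since the article gives only the gist of the lure, and the sample messages are constructed.

```python
import io
import re
import zipfile
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed wording: the article gives the gist of the lure, not its exact text.
SUBJECT_RE = re.compile(r"\baccount\b.*\blocked\b", re.I)
BODY_RE = re.compile(r"unauthori[sz]ed\s+log-?in\s+attempts?", re.I)
ZIP_MAGIC = b"PK\x03\x04"  # local file header of a non-empty ZIP archive


def triage(raw):
    """Report which of the three described traits a raw message shows."""
    msg = message_from_string(raw, policy=policy.default)
    body, has_zip = [], False
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        # Check content as well as name, so a renamed archive is still caught.
        if name.endswith(".zip") or data.startswith(ZIP_MAGIC):
            has_zip = True
        elif part.get_content_maintype() == "text":
            body.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    hits = {
        "subject_lure": bool(SUBJECT_RE.search(str(msg.get("Subject", "")))),
        "body_lure": bool(BODY_RE.search("\n".join(body))),
        "zip_attachment": has_zip,
    }
    # Hold for review only when an archive arrives together with the lure text.
    hits["quarantine"] = has_zip and (hits["subject_lure"] or hits["body_lure"])
    return hits


def sample(subject, text, attach_name=None):
    """Build a constructed test message; the archive holds one harmless text file."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "a@example.com", "b@example.com"
    m.set_content(text)
    if attach_name:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr("note.txt", "constructed sample")
        m.add_attachment(buf.getvalue(), maintype="application",
                         subtype="octet-stream", filename=attach_name)
    return m.as_string()
```

An ordinary message that merely carries a .zip file is reported but not quarantined, which keeps the rule from blocking routine archive attachments.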