The numbers from CryptoLocker
Posted by: Timothy Weaver on 12/17/2013 04:58 PM
CryptoLocker has become 2013’s most infamous malware. Created by a single hacker crew in Russia or former Eastern bloc states, it is heavily targeting US and UK systems.
Not long after the ransomware emerged in September, Dell SecureWorks’ Counter Threat Unit (CTU) set up a sinkhole operation, which revealed a number of domains. It also found that between October 22nd and November 1st, around 31,866 unique IP addresses contacted the CTU sinkhole servers.
By the numbers: 22,360 were from the US, 1,767 from the UK and 818 from India.
Keith Jarvis, a security researcher with Dell SecureWorks’ CTU, guesses that around 250,000 machines are infected.
“The majority of command and control servers hosting the CryptoLocker malware are located in the Russian Federation or the former Eastern bloc states, showing a knowledge of these infrastructure providers, and it is evident from the messages alerting the victims that English is not the CryptoLocker Group’s first language,” Jarvis said.
No one expects CryptoLocker to disappear in 2014.