Cybercriminals are selling (for approximately $3,000 on underground markets) and spreading a new file-encrypting ransomware program that is more capable than Cryptolocker. It has been given the name Critroni.
The Department of Justice reported on July 11th that Cryptolocker had been shut down. Since this "business model" proved so lucrative, criminals addressed Cryptolocker's weaknesses when building Critroni, making it more efficient and harder to detect and track.
It is the first encrypting ransomware known to use the anonymous Tor (The Onion Router) network for command and control, thereby concealing its communication with the operators. The malware encrypts a variety of files, including photos, videos and other documents, then demands a ransom for the decryption key. The criminals require payment in Bitcoin to help protect their identities. The victim is given 72 hours to pay the ransom (0.2 to 0.5 Bitcoin, about $120 to $350 at the time); if it is not paid, the files remain encrypted and, according to the attackers, cannot be recovered.
“It uses C2 hidden in the Tor network. Previously we haven’t seen cryptomalware having C2 in Tor. Only banking Trojans,” said Fedor Sinitsyn, senior malware analyst at Kaspersky Lab. “Hiding the command and control servers in an anonymous Tor network complicates the search for the cybercriminals, and the use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server. All this makes it a highly dangerous threat and one of the most technologically advanced encryptors out there.”
Currently, Critroni's ransom messages are displayed in English and Russian.
Steps you need to take to protect yourself – regularly update the following on your computer:
- Operating system
- Media players
- PDF readers, etc.
Routinely backing up your files to safely stored, removable media is critical for recovering them. Keep that media disconnected from the computer when a backup is not running: ransomware of this kind encrypts every drive it can reach, attached backup disks included, so a permanently connected drive offers no protection. Keep several dated copies rather than overwriting a single one, so that a backup taken after an infection does not replace your last clean copy.
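The backup advice above can be made concrete. The following is an added example written for this page, not code from the original article or from any vendor: it copies a source directory into a new dated snapshot on the backup media (nothing is overwritten), records a SHA-256 manifest so a later run can confirm the media still holds what was written, and refuses to run when most previously backed-up files have changed since the last snapshot, which is the pattern a ransomware run leaves behind. The 50% change threshold, the directory layout and the sample files in `demo()` are all assumptions made for the example.

```python
"""Versioned backup with an integrity manifest and a mass-change tripwire.

Added example for this article (not the article's or any vendor's code).
Assumes a local source directory and a destination directory that lives on
separately mounted, removable media which is detached after the run.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime
from pathlib import Path

MANIFEST = "MANIFEST.json"
MASS_CHANGE_THRESHOLD = 0.5  # assumption: >50% of known files changed => suspicious


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path relative to root (POSIX separators) to its digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name != MANIFEST
    }


def latest_snapshot(dest: Path):
    """Most recent snapshot directory under dest (names sort by timestamp), or None."""
    if not dest.exists():
        return None
    snaps = sorted(p for p in dest.iterdir() if p.is_dir() and (p / MANIFEST).exists())
    return snaps[-1] if snaps else None


def change_ratio(old: dict, new: dict) -> float:
    """Fraction of previously backed-up files whose content changed or vanished."""
    if not old:
        return 0.0
    changed = sum(1 for rel, digest in old.items() if new.get(rel) != digest)
    return changed / len(old)


def snapshot_backup(src, dest, stamp=None, force=False) -> Path:
    """Copy src into a fresh dated directory under dest and write its manifest.

    Raises RuntimeError when more than MASS_CHANGE_THRESHOLD of the files in the
    previous snapshot changed: that is what a bulk-encryption run looks like, and
    the source should be inspected before any more media is written. force=True
    overrides the check (for a deliberate mass edit).
    """
    src, dest = Path(src), Path(dest)
    current = build_manifest(src)
    prev = latest_snapshot(dest)
    if prev is not None and not force:
        old = json.loads((prev / MANIFEST).read_text())
        ratio = change_ratio(old, current)
        if ratio > MASS_CHANGE_THRESHOLD:
            raise RuntimeError(
                f"{ratio:.0%} of files changed since snapshot {prev.name}; "
                "source may already be encrypted, refusing to back it up")
    snap = dest / (stamp or datetime.now().strftime("%Y%m%dT%H%M%S"))
    if snap.exists():  # never overwrite an existing snapshot
        raise FileExistsError(snap)
    shutil.copytree(src, snap)
    (snap / MANIFEST).write_text(json.dumps(current, indent=1, sort_keys=True))
    return snap


def verify_snapshot(snap) -> list:
    """Return relative paths whose content on the media no longer matches the manifest."""
    snap = Path(snap)
    manifest = json.loads((snap / MANIFEST).read_text())
    actual = build_manifest(snap)
    return sorted(rel for rel, digest in manifest.items() if actual.get(rel) != digest)


def demo() -> dict:
    """Run the flow on constructed sample files in a temporary directory."""
    tmp = Path(tempfile.mkdtemp())
    src, media = tmp / "home", tmp / "usb"  # assumed paths for the example
    src.mkdir()
    for name, data in {"notes.txt": b"meeting notes", "report.doc": b"Q2 report",
                       "photo.jpg": bytes(range(256)), "budget.csv": b"a,b\n1,2\n"}.items():
        (src / name).write_bytes(data)
    snap1 = snapshot_backup(src, media, stamp="20140701T090000")
    first_ok = verify_snapshot(snap1) == []
    (src / "notes.txt").write_bytes(b"meeting notes, revised")   # one normal edit
    snapshot_backup(src, media, stamp="20140702T090000")          # 25% changed: allowed
    for p in src.iterdir():                                       # simulate encryption
        p.write_bytes(os.urandom(len(p.read_bytes()) + 16))
        p.rename(p.with_suffix(p.suffix + ".encrypted"))
    try:
        snapshot_backup(src, media, stamp="20140703T090000")
        refused = False
    except RuntimeError:
        refused = True
    (snap1 / "report.doc").write_bytes(b"bit rot or tampering")  # damage the media copy
    tampered = verify_snapshot(snap1)
    result = {"snapshots": sum(1 for p in media.iterdir() if p.is_dir()),
              "first_ok": first_ok, "refused": refused, "tampered": tampered}
    shutil.rmtree(tmp)
    return result


if __name__ == "__main__":
    print(demo())
```

The tripwire is deliberately simple: it compares content hashes, so renaming every file to a new extension (as encryptors typically do) counts as a change just as much as rewriting the bytes. A large legitimate reorganisation will trip it too, which is the point of `force=True`; the decision to override should be a conscious one made after looking at the source.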