Saturday 26 March 2016

CryptoLocker, A Trojan Ransomware (Often Confused With The "Police Virus")


CryptoLocker was one of the most widespread ransomware families of its time, and it is built to infect Windows machines only.

It is believed to have first appeared on the Internet on 5 September 2013. The ransomware is spread through e-mail attachments and social-engineering tactics.

What is It?

CryptoLocker is a Trojan ransomware program that targets all versions of Windows in use at the time, including Windows XP, Windows Vista, Windows 7 and Windows 8. Because it extorts money from Windows users it is often lumped together with the "Police Virus"; strictly, that name belongs to Reveton-style lock-screen ransomware that impersonates law enforcement and merely locks the desktop, whereas CryptoLocker encrypts the user's documents and demands a ransom within a time limit to release them.

How Does It Spread?

This ransomware is propagated through e-mail attachments: a ZIP file, sometimes password-protected with the password given in the message body, that contains an executable disguised as a PDF (a PDF icon and a double extension such as .pdf.exe, with Windows hiding the real extension by default). The victim "opens the PDF" and in fact runs the malware.

It is also spread by malicious links to malicious websites, and it was distributed through the Gameover Zeus botnet. Upon successful execution, CryptoLocker encrypts images, videos, office documents and other personal files. The original CryptoLocker leaves file names unchanged and records the list of encrypted files in the registry; appended extensions such as .encrypted or .7z.encrypted have been reported for later variants and copycats, not for the original family.

Impact on Systems

When it first runs, CryptoLocker copies itself under a random file name into %AppData% (or %LocalAppData%) and adds a Run value in the registry (HKCU\Software\Microsoft\Windows\CurrentVersion\Run; a second value whose name starts with an asterisk, *CryptoLocker, makes some samples start in Safe Mode as well), so that it is launched again at every logon.

It then attempts to contact one of several designated C&C servers. The server, not the infected machine, generates a 2048-bit RSA key pair and returns only the public key, which the malware stores in the registry under HKCU\Software\CryptoLocker. The matching private key never leaves the attackers' infrastructure, which is what makes the files unrecoverable without paying, or without seizing the C&C key database.

CryptoLocker does not perform full-disk encryption. It walks local and mapped network drives for files with document, image and other personal-data extensions and encrypts each one with AES; the per-file AES key is itself encrypted with the RSA-2048 public key and stored alongside the ciphertext, and the path of every encrypted file is recorded under HKCU\Software\CryptoLocker\Files.

Once encryption finishes, a ransom message is displayed together with a payment window: a few hundred dollars (this post cites $400), payable in Bitcoin (originally 2 BTC) or a prepaid cash voucher, within a 72-hour deadline, after which the private key is said to be destroyed. Victims who missed the deadline were later offered the operators' "decryption service", which charged far more: 10 BTC.
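The key hierarchy described above (RSA-2048 pair generated server-side, only the public key delivered to the host, each file encrypted with its own AES key that is then wrapped with that public key) is modelled in the added Go example below. This is illustrative code written for this page, not the malware's own code; the choice of AES-256-GCM and RSA-OAEP is an assumption made here for a safe, self-contained demonstration, and the sample "file" is constructed. The point it shows is that nothing stored on the host (the wrapped key, the public key in the registry) lets the victim recover the plaintext, while anyone holding the C&C's private key can.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedFile is what remains on disk after encryption: the RSA-wrapped
// per-file AES key, the nonce and the ciphertext. None of it is usable
// without the private half of the C&C-generated key pair.
type EncryptedFile struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// generateKeyPair is the C&C side: the 2048-bit pair is made here and the
// private key stays here.
func generateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptFile is the host side: a fresh AES-256 key per file, wrapped with
// the public key received from the C&C. (AES-GCM/OAEP are this example's
// choices, not a statement about the real sample's CryptoAPI usage.)
func encryptFile(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	// The plaintext AES key is discarded; only the wrapped copy survives.
	for i := range fileKey {
		fileKey[i] = 0
	}
	return &EncryptedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// decryptFile succeeds only with the private key that matches the delivered
// public key, which is why the seized C&C key database, not any on-host
// artifact, is what later made free decryption possible.
func decryptFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap the file key: not the matching private key")
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, err := generateKeyPair() // C&C side
	if err != nil {
		panic(err)
	}
	sample := []byte("2013-Q3 budget spreadsheet (constructed sample content)")
	ef, err := encryptFile(&priv.PublicKey, sample) // host side: public key only
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext: %d bytes, wrapped key: %d bytes\n", len(ef.Ciphertext), len(ef.WrappedKey))
	if pt, err := decryptFile(priv, ef); err == nil {
		fmt.Println("with the C&C private key:", string(pt))
	}
	other, _ := generateKeyPair()
	if _, err := decryptFile(other, ef); err != nil {
		fmt.Println("with any other key:", err)
	}
}
```

Run it with `go run .`; the second key pair stands in for anything a victim or responder could produce locally and shows the unwrap failing.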


Originally CryptoLocker victims had no option but to pay. That changed in June 2014, when Operation Tovar disrupted the Gameover Zeus botnet and recovered the CryptoLocker key database; FireEye and Fox-IT then offered a free decryption service (DecryptCryptoLocker) to victims who uploaded one encrypted file. Later a free "Ransomware Removal Kit" was released as an umbrella collection of removal and decryption tools for several families, from CryptoLocker to TeslaCrypt. It helps identify which family (and therefore which encryption scheme) hit a machine and points to a free decryptor where one exists, but it cannot decrypt files whose keys have never been recovered.

There are preventive measures that make an infection far less likely. Tools such as HitmanPro.Alert and CryptoPrevent are one option: CryptoPrevent applies Windows Software Restriction Policies that stop executables launching from %AppData%, %LocalAppData% and similar user-writable profile locations, which is exactly where CryptoLocker drops its randomly named binary, so the dropper is blocked before it can call home; HitmanPro.Alert's CryptoGuard watches for a process rapidly rewriting many documents and stops it.

Neither replaces the basic controls: offline or versioned backups, blocking executable attachments at the mail gateway, and not working from an administrator account.
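Two checks a defender can run follow from the artifacts above (the randomly named dropper in %AppData% and the persistence and file-list entries in the registry) and from the path rule that CryptoPrevent-style Software Restriction Policies enforce. The Go example below is added for this page and is not code from the original post or from HitmanPro or CryptoPrevent; the registry values it scans are constructed samples, the executable-extension list and the "?"-for-"\" path encoding in the Files subkey are assumptions written into the comments, and the functions are meant to be fed data exported from a host rather than to read the registry directly.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// RegValue is one exported registry value (constructed samples below, not
// taken from a real host).
type RegValue struct {
	Key  string // e.g. HKCU\Software\Microsoft\Windows\CurrentVersion\Run
	Name string
	Data string
}

// userWritableRoots are the profile folders an SRP deny rule would cover
// (lower-case, with '\' normalised to '/').
var userWritableRoots = []string{
	"/appdata/roaming/",
	"/appdata/local/",
	"/appdata/locallow/",
	"/local settings/application data/", // Windows XP layout of %AppData%
}

// execExt is the set of extensions treated as executable here (an assumption
// of this example; real SRP rules list them explicitly).
var execExt = regexp.MustCompile(`\.(exe|scr|pif|com|cpl)$`)

func normalise(p string) string {
	return strings.ToLower(strings.ReplaceAll(strings.TrimSpace(p), `\`, "/"))
}

// imagePath pulls the executable out of a Run-key command line, which may be
// quoted and followed by arguments.
func imagePath(cmd string) string {
	cmd = strings.TrimSpace(cmd)
	if strings.HasPrefix(cmd, `"`) {
		if end := strings.Index(cmd[1:], `"`); end >= 0 {
			return cmd[1 : end+1]
		}
		return cmd[1:]
	}
	if i := strings.IndexByte(cmd, ' '); i >= 0 {
		return cmd[:i]
	}
	return cmd
}

// ExecutionDeniedByPolicy reports whether launching path would be stopped by
// a rule that disallows executables anywhere under the user's profile data folders.
func ExecutionDeniedByPolicy(path string) bool {
	p := normalise(path)
	if !execExt.MatchString(p) {
		return false
	}
	for _, root := range userWritableRoots {
		if strings.Contains(p, root) {
			return true
		}
	}
	return false
}

// inProfileRoot is true for an executable placed directly in %AppData% or
// %LocalAppData% with no vendor sub-folder, e.g. .../AppData/Roaming/Vbqlrmxj.exe.
func inProfileRoot(p string) bool {
	for _, root := range userWritableRoots {
		if i := strings.Index(p, root); i >= 0 {
			rest := p[i+len(root):]
			return !strings.Contains(rest, "/") && execExt.MatchString(rest)
		}
	}
	return false
}

// ScanRegistry returns one finding per CryptoLocker artifact in values:
// a Run value named CryptoLocker or *CryptoLocker (the '*' form also starts in
// Safe Mode), a Run value whose image sits directly in the profile root, and any
// value under HKCU\Software\CryptoLocker, where the malware lists encrypted files.
func ScanRegistry(values []RegValue) []string {
	var findings []string
	for _, v := range values {
		key := normalise(v.Key)
		name := strings.ToLower(v.Name)
		switch {
		case strings.HasPrefix(key, "hkcu/software/cryptolocker"):
			findings = append(findings, "encrypted-file list entry: "+v.Name)
		case strings.HasSuffix(key, "/currentversion/run"):
			img := imagePath(v.Data)
			if name == "cryptolocker" || name == "*cryptolocker" {
				findings = append(findings, "persistence value "+v.Name+" -> "+img)
			} else if inProfileRoot(normalise(img)) {
				findings = append(findings, "autorun from profile root: "+img)
			}
		}
	}
	return findings
}

// sampleRegistry is constructed for this example; the Files entry follows the
// reported convention of '?' replacing '\' in the stored path.
var sampleRegistry = []RegValue{
	{`HKCU\Software\Microsoft\Windows\CurrentVersion\Run`, "*CryptoLocker", `"C:\Users\alice\AppData\Roaming\Vbqlrmxj.exe"`},
	{`HKCU\Software\Microsoft\Windows\CurrentVersion\Run`, "OneDrive", `"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background`},
	{`HKCU\Software\CryptoLocker\Files`, `C:?Users?alice?Documents?budget.xlsx`, ""},
	{`HKLM\Software\Microsoft\Windows\CurrentVersion\Run`, "SecurityHealth", `C:\Windows\system32\SecurityHealthSystray.exe`},
}

func main() {
	for _, f := range ScanRegistry(sampleRegistry) {
		fmt.Println("FINDING:", f)
	}
	for _, p := range []string{
		`C:\Users\alice\AppData\Roaming\Vbqlrmxj.exe`,
		`C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe`,
		`C:\Program Files\7-Zip\7z.exe`,
	} {
		fmt.Printf("policy denies %s: %v\n", p, ExecutionDeniedByPolicy(p))
	}
}
```

The OneDrive entry is included on purpose: a blanket "no executables under %AppData%" rule also blocks legitimate per-user installers and updaters that live there, which is why such policies need an allow-list of known vendor paths, while the registry scan separates the dropper (an executable sitting directly in the profile root) from software installed in its own sub-folder.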

It has been reported, on the basis of the FBI's tracking of the Bitcoin addresses used, that about $27 million was extorted from victims in the first two months of the campaign alone. Payments were collected in Bitcoin or through prepaid cash vouchers, and the operators' later decryption service was hosted as a Tor hidden service.

About the Author:
Rakesh Krishnan is a trainee security and technology writer. He is a security evangelist, passionate about information security and penetration testing. His special fields of interest include espionage, Bitcoin, the dark web and much more.

