Posts: 5,198
Topics: 3,341
Kudos: 6,459
Registered: 06-12-2013

Critroni Crypto Ransomware Seen Using Tor for Command and Control

Well, we warned that ransomware was one of the ways things were going; well, here is a new kid on the block now.

 

By Dennis Fisher  July 18, 2014

 

"The Critroni ransomware is selling for around $3,000 and researchers say it is now being used by a range of attackers, some of whom are using the Angler exploit kit to drop a spambot on victims’ machines. The spambot then downloads a couple of other payloads, including Critroni. Once on a victim’s PC, Critroni encrypts a variety of files, including photos and documents, and then displays a dialogue box that informs the user of the infection and demands a payment in Bitcoins in order to decrypt the files. Victims have 72 hours to pay, and for those who don’t own any Bitcoins, the ransomware helpfully provides some detailed instructions on how to acquire them in various countries, according to an analysis of the threat by a French security researcher who uses the handle Kafeine."

 

Full Article

Sr. Community Leader

Community Guide
Posts: 228
Registered: 06-04-2014

Re: Critroni Crypto Ransomware Seen Using Tor for Command and Control

Doesn't Cryptolocker also use Tor to hide its servers?

Community Guide



-Webroot Endpoint Protection user-
Posts: 5,198
Topics: 3,341
Kudos: 6,459
Registered: 06-12-2013

Re: Critroni Crypto Ransomware Seen Using Tor for Command and Control

I remember that one method of paying up to get the decryption key was via a TOR address.

Sr. Community Leader

Community Guide
Posts: 228
Registered: 06-04-2014

Re: Critroni Crypto Ransomware Seen Using Tor for Command and Control

Just at this moment I wanted to edit my post. :smileywink:
I was thinking of Cryptodefense and it was indeed using Tor for paying.

Community Guide



-Webroot Endpoint Protection user-
Posts: 5,198
Topics: 3,341
Kudos: 6,459
Registered: 06-12-2013

More Details of Onion/Critroni Crypto Ransomware Emerge

More information about this Trojan is coming to light now; early days for it, but it does have a lot of potential to be a real nasty.

 

by Chris Brook July 24, 2014

 

"Unlike the majority of crypto-malware, which use a combination of AES and RSA to encrypt files, Onion bucks the trend and uses a version of the asymmetric ECDH (Elliptic Curve Diffie-Hellman) algorithm.

The malware compresses files via the Zlib library, then encrypts them with AES, with the hash SHA256. The only way to decrypt files encrypted by Onion is by calculating ECDH with a master private key derived from the cybercriminals’ server.

The same protocol, ECDH, also protects all traffic coming to and from the attackers’ server with a separate, different set of keys.

Researchers claim that Onion is spread through the bot Andromeda, which first downloads and then runs the malicious program Joleee, which in turn downloads Onion on victims’ machines."

 

Full Article

Sr. Community Leader

Community Manager
Posts: 4,321
Registered: 12-16-2013

Re: More Details of Onion/Critroni Crypto Ransomware Emerge