Microsoft Warns of Crowti Ransomware

  • 29 October 2014

by Chris Brook, October 29, 2014, 2:20 pm

Researchers with Microsoft have spotted a spike in Crowti, a ransomware similar to Cryptolocker that encrypts files on victims’ machines and then asks for payment to unlock them.

The malware has existed for several months but it wasn’t until mid-October that Microsoft’s Malware Protection Center noticed its biggest swell to date. The campaign infected 4000 different systems at its peak, with the bulk of those, 71 percent, confined to machines in the United States.
 

1 reply

Ransomware is funneled in through malicious email campaigns, drive-by attacks or other malware droppers
By Ionut Ilascu on October 31st, 2014 EXCERPT: 

Various delivery methods for the malware. 

Malware delivered through multiple methods

Distribution of the ransomware is carried out through spam email with malicious attachments posing as documents (invoices, faxes, complaints, reports) or missed call messages.

“Our telemetry and research shows that Win32/Crowti is also distributed via exploit kits such as Nuclear, RIG, and RedKit V2,” Microsoft researchers say. This type of crimeware leverages vulnerabilities in Java (CVE-2012-0507) and Adobe Flash Player (CVE-2014-0515 and CVE-2014-0556).

Crowti has also been seen to be seeped in by other malware, such as Upatre dropper, Zemot or Zbot.
