In the case of an error, your payment will be processed manually within two business days”.įor each victim, a unique Bitcoin address (where the money will be sent) is generated. However, if the victim has already paid the ransom, the private key will be given "free of extra charge". This is a sharp increase from the original two Bitcoin ransom. When a match is found, a confirmation page is displayed, along with the payment information: 10 Bitcoins which is roughly over USD$2,000 (the value of 1 Bitcoin being about USD $200). Shortly after the upload, the system starts to look for the decryption key: Here's a Word document that had been specifically encrypted by CryptoLocker: The victims can upload one of their encrypted files in order to find the corresponding private decryption key. The service only accepts files that are encrypted: In addition, this online "service" page can also be accessed through the 'anonymous' Tor network on a ".onion" address, guaranteeing a longer lifespan and protection against DNS sinkholes. The webpage is hosted on one of the command and control server's IP address. There is one that belong to AS42655 BESTHOSTING, a web hosting company in the Ukraine well-known for its associations with malware. Perhaps to also thwart AV companies that remove the malware but by doing so break the payment chain, the bad guys have set up an independent online “CryptoLocker Decryption Service”: The news was first reported on the Bleeping Computer forums early last Saturday. Originally, if you did not pay the initial $ 300 ransom within three days, the private key necessary to retrieve the encrypted files would be deleted forever.Īpparently not. The criminals behind the infamous CryptoLocker ransomware that encrypts all your personal files are now offering a late payment option, albeit at a higher cost.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |