Tuesday, 13 January 2015 02:24

Trend Micro and Deakin Uni analyse OZ CryptoLocker threat

By Alex Zaharov-Reutt

There’s still no free decryption for the CryptoLocker/TorrentLocker threat, but a new 16-page whitepaper analysing how this nasty malware works has been released.

Sometimes, the best cure is prevention - and multiple backups - given the nasty side effects of malware that encrypts your computer files and demands a hefty ransom.

That is what both the original CryptoLocker malware and the new strain, known as both TorrentLocker and CryptoLocker, do, even though the new CryptoLocker is a different family to the original.

Internet security company Trend Micro and its threat researchers in Australia decided to team up with Deakin University to fight the Australian-specific variants of CryptoLocker that have been spreading across the country at a rapid rate since September 2014.

While there’s no free decryption solution, or at least not as yet, we’re told that this new version of CryptoLocker targeting Australians ‘encrypts victims’ files and demands $598 in exchange for access back to the files’ - and cruelly sees ‘the ransom demand doubling after 96 hours.’

Trend Micro and Deakin Uni have just released a new 16-page report on CryptoLocker, available as a free PDF download, in which both sets of researchers ‘monitored and analysed trends related to the CryptoLocker outbreaks occurring in Australia between 1 November and 30 November 2014.’

Throughout November, we’re told that ‘the study found more than 10,000 hits to redirection URLs, all considered CryptoLocker incidents.’

Unsurprisingly, the Australian strains of CryptoLocker work in much the same way as those seen in North America and Europe:

- First, the victims receive a spam email with hyperlinks, indicating parcel tracking information or a penalty notice waiting for them at an ‘official website’

- After clicking the hyperlink, the victims are redirected to a convincingly realistic web page that mimics the official web pages of organisations such as Australia Post and the Office of State Revenue New South Wales, including the domain name

- The web page then delivers the malware payload to the victims’ computers through abused legitimate file-hosting sites

- The malware proceeds to encrypt PDF and Microsoft Word documents, and other commonly used files

- Once the victims’ files are encrypted, the malware requires Bitcoin payment of at least $598 so the said victims can recover their files.

There is some good news beyond monitoring and analysis - Trend and Deakin say they are ‘working to stop the attacks’.

Trend explains that, ‘on the days when outbreaks occur, Trend Micro has supplemented its internal processes with real-time alerts sent to Deakin University researchers who do further analysis of the outbreaks while the malicious sites are still active.’

Dr Jon Oliver, a senior threat researcher at Trend Micro Australia said: “CryptoLocker is a threat that is increasingly affecting individuals and Australian businesses. We teamed up with Deakin University because it required urgent attention.

“This strain of CryptoLocker tailored for Australian victims started in the second half of 2014, and continued up to Christmas Eve. The outbreaks have stopped for the New Year break, but will almost certainly continue in the New Year.”

Professor Yang Xiang, the leader of Deakin University’s research team said: “These attacks are technically sophisticated and specifically aimed at Australians and have been significantly increasing since July with an enormous impact on businesses and individuals.”

Naturally, the Australian CryptoLocker strain is smart, with the researchers noting this malware ‘employs a variety of techniques to avoid detection.’

Dr Oliver said that: “The CryptoLocker attacks are adapting to security solutions, evading security measures in the next outbreak. Relying on a single aspect of detection can miss the next outbreak.

“Multi-layer filtering, which is also described as Defence-in-Depth, is a more robust approach.”

Mark Sinclair, commercial sales director at Trend Micro Australia and NZ said: “Many Australian businesses are being targeted and affected by CryptoLocker, from very large organisations to the very small; no one seems to be exempt.

“The whole industry is suffering so our work with Deakin University is vital to get on the front foot and stop the Australian strain of CryptoLocker in its tracks.”

While full details are in the report, we’re told that, ‘after receiving a spam email and clicking the URL included within, victims are redirected to a phishing web page where they submit CAPTCHA responses and are delivered a .ZIP file.’

‘Running or opening that .ZIP file leads to all images, documents, and personal data on the computer and shared drives being encrypted. The malicious software then demands that the victims pay to retrieve their files.’

So the best protection is to be incredibly vigilant about the emails you receive, even if they look official, and to run up-to-date Internet security software that is aware of this threat. It is also a very wise idea to keep more than one complete backup of all your files, in both onsite and offsite locations.
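The delivery chain the article describes (lure link, lookalike phishing page, then a .ZIP fetched from a file-hosting site) can be correlated in web-proxy logs. The script below is an added example, not code from the Trend Micro/Deakin report; the log format, the `.example` hosts and the allow-list of legitimate domains are assumptions.

```python
"""Correlates the TorrentLocker/CryptoLocker delivery chain described in the
article (spam link -> lookalike phishing page -> .zip download) across
web-proxy log lines. Added example; the log format and the list of legitimate
domains are assumptions, not taken from the Trend Micro/Deakin report."""
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Brand keywords the phishing pages imitate, mapped to the ASSUMED legitimate
# domains; any other host carrying the keyword is treated as a lookalike.
LEGIT = {"auspost": ("auspost.com.au",), "osr": ("osr.nsw.gov.au",)}
WINDOW = timedelta(minutes=30)   # max gap between phishing page and .zip fetch
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<url>\S+)$")

def is_lookalike(host: str) -> bool:
    """True when the host echoes a brand keyword but is not its real domain."""
    for kw, real in LEGIT.items():
        if kw in host and not any(host == d or host.endswith("." + d) for d in real):
            return True
    return False

def triage(lines):
    """Return {client: (phish_host, zip_url)} for clients completing both stages."""
    last_phish = {}          # client -> (timestamp, lookalike host)
    hits = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        url = urlparse(m["url"])
        host = (url.hostname or "").lower()
        if is_lookalike(host):
            last_phish[m["client"]] = (ts, host)
        elif url.path.lower().endswith(".zip") and m["client"] in last_phish:
            seen_at, phish = last_phish[m["client"]]
            if timedelta(0) <= ts - seen_at <= WINDOW:
                hits[m["client"]] = (phish, m["url"])
    return hits

# Constructed sample: one client follows the full chain; another only visits
# the real Australia Post site and downloads an unrelated .zip.
SAMPLE = [
    "2014-11-12T09:01:02 10.0.0.7 http://auspost-tracking.example/parcel?id=1",
    "2014-11-12T09:03:40 10.0.0.7 http://files.example/dl/Parcel_1234.zip",
    "2014-11-12T09:05:00 10.0.0.9 https://auspost.com.au/track",
    "2014-11-12T09:06:00 10.0.0.9 https://intranet.example/reports/q3.zip",
]

if __name__ == "__main__":
    for client, (phish, zip_url) in triage(SAMPLE).items():
        print(f"{client}: lookalike {phish} then {zip_url}")
```

A hit is a triage lead, not proof of infection: the client still needs to be checked for the ZIP having been opened and for encryption activity on local and shared drives.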

After all, this threat, once activated, has encrypted your files, with no easy and free decryption solution yet at the ready.

Stay safe - and be careful what you click!


Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows.
