Security experts working in conjunction with US Law Enforcement have defeated the most sophisticated ransomware variant produced.
Experts who analysed the Trojan were surprised by the quality of the encryption implementation: it used commercial-grade 2048-bit RSA. This is believed to be the first time a Trojan had used cryptography properly.
Ultimately the team realised that, even after it had infected a targeted machine, Cryptolocker could not encrypt any data unless it could first reach a live attacker-controlled domain and retrieve the encryption key from it.
The Trojan employed a domain generation algorithm (DGA) that produced pseudo-random domain names derived from the time of day.
The team reverse engineered the DGA, produced lists of the domains the Trojan was going to generate, and proactively registered those domains before the cyber criminals could do so. This effectively crippled the Trojan, giving the team and law enforcement time to shut down the delivery mechanism being used.
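To make the pre-registration technique concrete, here is an added example (not code from the article, and not Cryptolocker's real algorithm): a toy DGA that derives domain names deterministically from a calendar date and a seed, plus the defender-side functions that precompute the domains for a coming date range (the list a team would register or sinkhole ahead of time) and check a hostname seen in DNS logs against that list. The seed string, the label length, the TLD list and the per-day count are all constructed assumptions for illustration.

```python
import hashlib
from datetime import date, timedelta

# Constructed parameters for the toy algorithm; a real DGA's constants are
# recovered by reverse engineering the sample, as the article describes.
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
TLDS = ("com", "net", "org")
DEFAULT_SEED = "example-seed"       # hypothetical hard-coded malware seed
DEFAULT_COUNT = 10                  # hypothetical domains generated per day


def toy_dga(day: date, index: int, seed: str = DEFAULT_SEED) -> str:
    """Derive one domain from (seed, date, counter).

    Deterministic: anyone who knows the seed and the date can reproduce
    the output, which is exactly what lets defenders predict it.
    """
    material = f"{seed}:{day.isoformat()}:{index}".encode()
    digest = hashlib.sha256(material).digest()
    label = "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:12])
    tld = TLDS[digest[12] % len(TLDS)]
    return f"{label}.{tld}"


def domains_for_day(day: date, count: int = DEFAULT_COUNT,
                    seed: str = DEFAULT_SEED) -> list[str]:
    """All domains the toy DGA yields on a given day."""
    return [toy_dga(day, i, seed) for i in range(count)]


def predict_domains(start: date, days: int, count: int = DEFAULT_COUNT,
                    seed: str = DEFAULT_SEED) -> dict[str, list[str]]:
    """Defender side: precompute the domain list for each upcoming day.

    The result is the list to pre-register or sinkhole before the
    attackers do, and to push into DNS blocklists.
    """
    schedule = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        schedule[day.isoformat()] = domains_for_day(day, count, seed)
    return schedule


def matches_dga(hostname: str, day: date, count: int = DEFAULT_COUNT,
                seed: str = DEFAULT_SEED) -> bool:
    """Detection: does a hostname from a DNS log match that day's DGA set?"""
    return hostname.strip().lower().rstrip(".") in set(
        domains_for_day(day, count, seed))


def flag_dga_queries(log_lines: list[str], day: date) -> list[str]:
    """Scan constructed DNS log lines of the form 'client query' and return
    the queried names that belong to the predicted DGA set for `day`."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) >= 2 and matches_dga(parts[1], day):
            hits.append(parts[1])
    return hits


if __name__ == "__main__":
    start = date(2013, 10, 1)                      # constructed date
    for day, names in predict_domains(start, 3).items():
        print(day, names[:3], "...")
    # Constructed DNS log: one benign lookup and one DGA domain.
    sample_log = [
        "10.0.0.5 www.example.com",
        f"10.0.0.7 {toy_dga(start, 4)}",
    ]
    print("flagged:", flag_dga_queries(sample_log, start))
```

Two things the example makes visible that the prose does not: the predicted set changes every day, so the registration or sinkhole list has to be generated and acted on continuously, not once; and the same precomputed list doubles as a detection feed, because any internal host querying one of those names is worth investigating even before the domain resolves.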
GameOver Zeus malware was the distribution method for Cryptolocker and was eliminated by Microsoft and the FBI, who took down the command and control infrastructure used by the cyber criminals.
Testimony to the US Senate Judiciary Sub Committee on Crime and Terrorism
Bad News! Unfortunately it's taken time to defeat the Trojan. How much damage has been done, and how much confidential information has been compromised, in the meantime? The level of sophistication shows the need to be more focused on security and on minimising your risks.
If you or your customers are concerned, please ring or email John Lee and he can organise for one of our consultants to call you and discuss how we can provide effective solutions for your customers.
SoftGen specialises in security solutions for the SME market.