Bach Khoa Anti-virus Center (BKAV) last week reported that 1,600 computers in Vietnam had been infected with CTBLocker, a dangerous ransomware infection that encrypts files on computers and displays a ransom warning.
CTBLocker, a variant of CryptoLocker ransomware, has spread very rapidly in recent days. A BKAV report released on January 23 showed that 1,300 computers were infected with the ransomware, while an updated report on February 5 said the number increased by 300.
According to BKAV, the number of CTBLocker’s victims could be much higher, because many of them had not reported the infection. Though the warning about CTBLocker has been reported in mass media, the number of victims is still on the rise.
The leading internet security firm has also warned about a new spam email campaign related to CTBLocker, called Critroni. This aims to entice computer users into updating the Chrome browser from a link embedded in emails.
Emails are sent to computer users under the pretense that they offer access to updated versions of Google's Chrome browser, because the version of Chrome in use has become out of date. But instead of a new browser, victims are directed to Critroni.
Once users run the downloaded malware, the encryption of their files begins, and the ransom messages are delivered after the process ends.
CTBLocker, a member of the CryptoLocker family, according to international sources, attacked 200,000-250,000 computers worldwide in mid-December 2013. The ransomware “locks” data by encrypting it and then sends a message to computer users, telling them to pay money to get their data back.
Some Vietnamese internet security experts said victims would be able to restore their data without having to pay the ransom if they were infected with older variants of the malware, because those variants could not erase the file copies created by the Windows Volume Shadow Service.
In some cases, they said, victims can restore their data by using programs like Shadow Explorer. However, not all malware variants have such a flaw.
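Before attempting the Shadow Explorer recovery described above, a responder wants to know whether any shadow copies predating the infection still exist. The following inventory script is an added example, not code from the article or from BKAV; the `InfectionTime` parameter and the date used in the usage call are assumptions chosen for illustration, and the script must run in an elevated PowerShell session.

```powershell
# Added example (not from the article or BKAV): enumerate Volume Shadow Copy snapshots
# so a responder can see whether pre-infection copies still exist before attempting
# recovery with a tool such as Shadow Explorer. Requires an elevated PowerShell session.
function Get-ShadowCopyInventory {
    param(
        # Assumed parameter: snapshots created at or after this time are treated as post-infection
        [datetime]$InfectionTime = (Get-Date)
    )
    # Map the volume GUID path (\\?\Volume{...}\) back to a drive letter for readability
    $volumes = @{}
    Get-CimInstance -ClassName Win32_Volume | ForEach-Object {
        if ($_.DriveLetter) { $volumes[$_.DeviceID] = $_.DriveLetter }
    }

    Get-CimInstance -ClassName Win32_ShadowCopy | ForEach-Object {
        [pscustomobject]@{
            ShadowID     = $_.ID
            Volume       = if ($volumes.ContainsKey($_.VolumeName)) { $volumes[$_.VolumeName] } else { $_.VolumeName }
            Created      = $_.InstallDate
            PreInfection = ($_.InstallDate -lt $InfectionTime)
            DevicePath   = $_.DeviceObject
        }
    } | Sort-Object Created
}

# Usage: list snapshots and flag those taken before the assumed infection time
$inventory = Get-ShadowCopyInventory -InfectionTime (Get-Date '2015-02-01')
$inventory | Format-Table -AutoSize
if (-not ($inventory | Where-Object PreInfection)) {
    Write-Warning 'No shadow copies predate the infection; restoration from VSS is not possible on this host.'
}
```

The `DevicePath` column is the `\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN` object that Shadow Explorer or `vssadmin` would reference when mounting a snapshot.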
Therefore, computer users have been advised not to open any files attached to emails from unknown sources. If users need to open attached files to read the content, it would be better to do this in an “isolated environment” – Safe Run.
BKAV has released a tool for dealing with CTBLocker, saying that there is no need to install software on the computer; users can run it immediately to scan for the virus. The anti-CTBLocker tool is available at Windows Volume Shadow Service.
BKAV also said that Anti Ransomware, a solution to fight CTBLocker, has been integrated into its security products, to be launched in 2015.