Thursday, September 24, 22:26

CryptoFortress: New ransomware with file encryption capabilities

CryptoFortress is a new ransomware with file-encryption capabilities. It looks like TorrentLocker, but its internals reveal a different malware structure.

The ransom message shown to the victim once the data on the computer has been encrypted resembles TorrentLocker's, which, as we have mentioned, was itself borrowed from CryptoLocker. Similarities have also been found on the payment page.


Security researchers report that the CryptoFortress developers took the HTML templates and CSS code from TorrentLocker. However, the common points do not extend much further, since the code, the encryption scheme and the distribution method of the new ransomware are not the same.

ESET researchers (who detect it as Win32/Kryptik.DAPB) have compiled a list of everything the two families' encryption has in common, and apart from the encryption algorithm (AES-256), the encryption of the AES key with RSA-1024 and the fact that the payment page is hidden on the anonymous Tor network, they do not share much.

CryptoFortress is spread through exploit kits, not spam. The address of the ransom page is embedded in the malware code rather than fetched from the C&C server.

In addition, the cryptographic library used by CryptoFortress is Microsoft's CryptoAPI, while TorrentLocker uses the open-source LibTomCrypt.

Another difference is that the new malware encrypts only the first half of each file, up to 5 MB, and the ransom it demands is around 500 dollars, payable in Bitcoin.

The first report on CryptoFortress was published early in the month by the malware researcher Kafeine, who tracks changes in exploit kits. An indicator of infection is that encrypted files carry the "FRTRSS" extension.
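As an added illustration (not code from the article or from the researchers it cites), a defender-side scan that looks for the two observable traits just described: files named with the FRTRSS marker, and files whose first half (capped at 5 MB) reads as ciphertext while the remainder is still plaintext. The entropy threshold, the byte value assumed for "5 MB" and the sample files are constructed for the example.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Constructed constants taken from the article: the first half of each file, capped at
# 5 MB (assumed to mean 5 * 1024 * 1024 bytes), is encrypted; files are marked "FRTRSS".
ENCRYPT_CAP = 5 * 1024 * 1024
MARKER = "FRTRSS"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, far lower for plaintext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_partially_encrypted(path: Path, threshold: float = 7.5) -> bool:
    """True when the head reads as ciphertext while the tail still reads as plaintext."""
    split = min(path.stat().st_size // 2, ENCRYPT_CAP)  # half-or-5MB rule from the article
    if split < 256:  # too little data to estimate entropy reliably
        return False
    with path.open("rb") as f:
        head, tail = f.read(split), f.read()
    return shannon_entropy(head) >= threshold and shannon_entropy(tail) < threshold

def scan_tree(root: str) -> dict:
    """Map file name -> reason for every file showing either indicator."""
    hits = {}
    for path in filter(Path.is_file, Path(root).rglob("*")):
        if MARKER.lower() in path.name.lower():
            hits[path.name] = "marker"
        elif looks_partially_encrypted(path):
            hits[path.name] = "partial-encryption"
    return hits

def demo() -> dict:
    """Write three constructed sample files to a temp directory and scan them."""
    text = (b"quarterly figures, nothing encrypted here\n" * 100)[:4096]
    samples = {
        "notes.txt": text,                       # untouched plaintext
        "invoice.pdf.frtrss": text,              # marker in the name
        "ledger.xlsx": os.urandom(4096) + text,  # random head, clear tail (simulated)
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        return scan_tree(root)
```

Real ransomware output is not distinguishable from any other high-entropy data by entropy alone, so the partial-encryption check is a triage signal to pair with the file marker and backup-deletion telemetry, not proof on its own.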

Analysis by researchers at the security company Lexsi revealed that the AES key used to encrypt the data on the hard disk is stored locally in the HTML ransom note (the file is called "READ IF YOU WANT YOUR FILES BACK"), protected by a strong public key (RSA-1024).

In addition to local drives, the ransomware also hits mapped drives and network shares, virtually destroying the data on them. It also removes backups to prevent files from being restored.

Source: secnews.gr
