Cryptolocker ransomware a BitCoin boom for crims

Credit: Symantec 

A ransomware campaign is hitting tens of millions of users forcing many thousands to cough up cash and BitCoins at a time when the cryptographic currently is at all time highs.

The UK's National Crime Agency alone has recently warned that millions of British users have been targeted in phishing emails and law enforcement in that country were pursuing the malware authors.

More than 12,000 victims were thought to have fallen prey to the CryptoLocker ransomware over recent months.

The malware which also targeted small and medium businesses demanded ransom payments starting at 2 BitCoins which at current prices equated to about $1800.

Ransomware was a form of malware that encrypted data and drives, locking victims out of their computers until a ransom payment was paid.

Some forms of ransomware could be removed if the implementation of encryption was flawed, however many cases exist where businesses have paid thousands of dollars to free their locked down data.

Bitdefender Labs researchers used Domain Name Server sinkholes to determine that some 12,016 machines infected with CryptoLocker attempted to contact the sinkholed domains.

The bulk of those connections were traced back to Internet Protocol (IP) addresses in the US.

"... judging by the distribution of infected hosts and the payment methods available, it would seem that only systems in the US are targeted, with the rest being collateral damage,” the reseachers wrote in a blog.

CryptoLocker was discovered in September spreading through phishing emails. The trojan encrypted victim's files and mapped network drives before demanding a MoneyPak or Bitcoin payment within three days.

Victims reportedly recieve a key once the ransom was paid that unlocked their encrypted files.

“Almost all the CryptoLocker command-and-control servers also host a public payment service through which victims can purchase decryption keys,” researchers said.

- With Darren Pauli