New CryptoLocker-type ransomware strikes in Europe and Latin America


ESET researchers have spotted a new type of cyber-attack spreading in Europe and Latin America. Behind it is a new variant in the ransomware family, referred to as CTB-Locker. It encrypts users’ files similarly to CryptoLocker and demands a ransom in Bitcoins. According to ESET research, the campaign is just starting out. Read more about CTB-Locker on ESET's news page.
Early yesterday, the ESET Research Team in Latin America repeatedly tracked the activity of CTB-Locker, a filecoder detected by ESET’s telemetry as Win32/FileCoder.DA. The infection starts when the victim receives an e-mail with the subject “fax”, containing an attachment that resembles a facsimile. The embedded file is infected with Win32/TrojanDownloader.Elenoocka.A, a trojan downloader which tries to connect to the Internet to download other malware, in this case Win32/FileCoder.DA, also known as CTB-Locker. Once opened successfully on the victim’s device, CTB-Locker encrypts specific files on the device, locks the screen and displays a ransom message.
ESET researchers have also noticed a similarity between CTB-Locker and CryptoLocker. 

“They both have a similar pattern of encrypting the victim’s files and differ only in the use of encryption algorithm,” says Pablo Ramos, Head of ESET Research in Latin America.

Again, similarly to CryptoLocker, the victim is requested to pay a ransom of approximately 8 Bitcoins (valued at around $1,680).
The best prevention is to follow the well-known security “mantra”: back up your files, update your software and protect your device.

“The impact the CTB-Locker can have on a company or a user who does not have a backup solution can become a real headache. In reports, we saw companies paying thousands of dollars to recover their data,” concludes Ramos.
