CryptoLocker variant discovered

A new worm version of CryptoLocker has been discovered, but users can protect their data from being lost with Faronics Deep Freeze.

Ever since users first reported receiving notice of being locked out of their files, organizations and individuals in nearly every sector have been on their guard about ransomware. One of the most well-known and far-reaching samples is CryptoLocker, which recently re-emerged with new forms and attack styles. However, users can protect their systems with Faronics Deep Freeze, a system restore solution that prevents data loss from this type of attack.

One user recently described a run-in with CryptoLocker when it infected systems at Apex Cary Insurance in North Carolina. Company president and co-owner Mark Wilson said the first thing he noticed was slow functionality of the business’s system. Soon after, Wilson discovered a ransom message on one of the organization’s connected workstations demanding $300 in exchange for the decryption key.

This has been the typical narrative when it comes to CryptoLocker infections. Some have reported receiving the key when the amount is paid; others have sent the ransom and never regained access to their files. When users prepare beforehand with Deep Freeze, they can simply reboot their systems and once again be able to connect with their company resources.

The ransomware sample recently evolved to include new infection abilities, posing increasing danger to the business sector. Researchers discovered a new form of CryptoLocker called CRILOCK-A, which can spread through fake Adobe Photoshop and Microsoft Office software activators on content sharing sites. Experts have also found that this new variant can spread through removable drives, and it is now being classified as a worm.

CRILOCK-A also has some key differences from its predecessor. The new sample does not rely on downloader malware like CryptoLocker did and instead masquerades as an activator for a range of widely used software.

“Uploading the malware in P2P sites allows bad guys to easily infect systems without the need to create (and send) spammed messages,” stated security experts in a blog post.

However, when users have Deep Freeze installed on individual computers and servers, unwanted changes can be rolled back, and administrators can manage many different endpoints from a centralized console, streamlining the process of issuing Windows software and security updates. Organizations can stay on top of potential malware infection, while also shielding themselves from misconfiguration and system crashes.

Scott Cornell

When he’s not knee-deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to the ground for breaking news related to IT security.