VietNamNet Bridge – Vietnamese security experts have confirmed that CTB-Locker, a dangerous ransomware infection that encrypts files on computers and displays a so-called ransom warning, has turned up in Vietnam.
Nguyen Minh Duc, a renowned security expert from FPT, Vietnam’s largest information technology group, said on January 21 he was asked for help by several agencies, including a large bank in Vietnam, whose computer systems had been infected with a new kind of malware.
After penetrating victims’ computers, the malware will scan the computers’ drives and encrypt files with public key cryptography.
Most of the important files on victims’ computers with “.doc”, “.pdf”, “.xls”, “.jpg” and “.zip” extensions would no longer open.
If computer users want to decipher the files, they need private keys which only hackers have. The victims will receive messages on their desktops from hackers about the ransom.
Duc said the problem begins when computer users receive an email with an attached file disguised as a document. In fact, the file is a downloader with a “.scr” (screen saver) extension whose name matches that of the attached file.
The downloader will activate WordPad to display a document with content matching the email’s content, making it look like a real document.
After that, it will download other malicious files; in this case, it connects to a server to download an “.exe” file. That file, in turn, produces two other files, a “.job” and an “.exe”. The “.exe” file is the “main culprit”, which encrypts all the files on victims’ computers and shows the ransom messages.
In most cases, victims were told to pay a ransom within 96 hours, or the files would be locked forever. The hackers asked victims to pay a ransom of three bitcoins, or $630.
The “price” was higher than that asked by other malware versions, which only required $100.
“If the files are encoded, we will not be able to open the files without the private keys,” Duc said.
Therefore, many victims had to pay money to regain their most important files.
Duc has recommended that computer users use updated anti-virus software and carefully monitor attached files sent via emails.
“It would be better not to open files from strange senders and only download files from true websites,” he said. “One should not click into links received via chat or email, and should back up documents.”
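As an illustration of the attachment monitoring recommended above, the following added example (not part of the original article or any vendor's tooling) scans a raw email for screen-saver or other executable files, including ones hidden inside a zip attachment and named after that archive. It assumes the disguised file arrives inside a “.zip” attachment; the function names, the extension list beyond “.scr” and the sample message are constructed for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs as programs; ".scr" is the one the article names.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}

def risky_names(filename, payload):
    """Yield (name, reason) for an attachment and, if it is a zip, its members."""
    path = PurePosixPath(filename)
    if path.suffix.lower() in EXECUTABLE_EXTS:
        yield filename, "executable attachment"
    if path.suffix.lower() == ".zip" and zipfile.is_zipfile(io.BytesIO(payload)):
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for member in zf.namelist():
                inner = PurePosixPath(member.replace("\\", "/"))
                if inner.suffix.lower() in EXECUTABLE_EXTS:
                    same = inner.stem.lower() == path.stem.lower()
                    yield member, ("executable named after its archive" if same
                                   else "executable inside archive")

def scan_message(raw_bytes):
    """Return (name, reason) findings for the attachments of one raw message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        findings.extend(risky_names(part.get_filename() or "", payload))
    return findings

def build_sample():
    """Constructed sample: a zip named like a document, holding an inert .scr stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_0121.scr", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice_0121.zip")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"{name}: {reason}")
```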
BKAV, Vietnam’s leading internet security firm, confirmed that it had discovered a new variant of CryptoLocker being spread in Vietnam.
According to the firm, the encoded data cannot be restored because the hackers encrypt it with the public key, while the private key needed for decoding is saved only on the hackers’ servers.
VNE