CTB-Locker with New, Improved Version

An improved version of the Onion ransomware has just emerged. Whether you call it Onion or CTB-Locker, this is a CryptoLocker-style piece of malware capable of encrypting all the files on its host machine in order to demand a ransom for decrypting them.

The difference between CTB-Locker, or Curve Tor Bitcoin Locker, and other ransomware is that it uses The Tor Project’s anonymity network to shield itself from takedown efforts that rely on locating static malware command and control servers. The use of Tor also helps it evade detection and blocking.

Another thing that protects the CTB-Locker operators is that they accept payment only in Bitcoin, the decentralized and largely anonymous crypto-currency.

“Hiding the command and control servers in an anonymous Tor network complicates the search for the cybercriminals, and the use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server,” senior malware analyst Fedor Sinitsyn said. “All this makes it a highly dangerous threat and one of the most technologically advanced encryptors out there.”

According to Sinitsyn, the new version of CTB-Locker, detected by Kaspersky Lab products as Trojan-Ransom.Win32.Onion, contains some interesting upgrades. It offers its victims a sort of ‘trial demo’ whereby five of the user’s files can be decrypted without paying the ransom.

Alongside its new abilities, CTB also includes measures to hinder analysis by researchers. It is now available in three new languages: German, Dutch, and Italian. In addition to connecting directly to Tor, CTB can connect through six web-to-Tor gateway services.

The best line of defense against this and other threats is to keep regular backups of your machine. You should also install a reliable antivirus product and make sure that your operating system and all of your applications are kept up to date.

If you have already been infected, there is no known way to recover the files encrypted by CTB-Locker. The only remaining option is to pay the ransom, and even then there is no guarantee that you will receive the key to decrypt your files.

Ransomware is a huge industry, and it is only likely to become a bigger problem moving forward as more of our daily lives and belongings are incorporated into the so-called “Internet of Things.”

Considering all of the above, PC users should use reliable antivirus software and make sure that their data is backed up regularly.

