February 3, 2015

Ransomware trojan bundled with Google Chrome ‘update’

Spam campaign tricks users before blackmailing them.

By Jimmy Nicholls

Spammers are using a phoney Google Chrome update to distribute a ransomware trojan, according to the security firm Malwarebytes.

Victims are sent a message ostensibly from the Google Security Team, informing them that their version of the web browser is out of date and linking them to a malware download.

Users tricked by the scheme then install the CTB Locker/Critroni virus from one of a number of apparently compromised websites. The malware then locks up the PC and blackmails the user by promising to leave their files encrypted forever if they do not pay.

Writing in a blog post, Jerome Segura, senior security researcher at Malwarebytes, said: "The problem with ransomware is that while the active trojans can be removed, it is much more difficult and sometimes impossible to recover the encrypted files.

"Social engineering remains a powerful technique to trick people into running programs they shouldn’t," he added, referring to a range of manipulative techniques used by hackers to trick users into performing actions that will compromise their systems.

"As a rule of thumb you should always only download files from their official website rather than from some unknown site."

Copies of Critroni have been available on black market hacker forums since at least last June, according to independent researcher Kafeine, and the malware was initially targeted at Russian speakers before moving to the English-speaking market.


Bitcoin payment is used by the hackers to retain their anonymity, according to Malwarebytes, with the ransom set at $500 (£330) and a time limit of 96 hours before the files are permanently encrypted.
