July 21, 2014 (updated 26 Aug 2016)

Why CryptoLocker might not be dead and buried

A security researcher has disputed the FBI's claim to have ‘neutralised’ the virus.

By Jimmy Nicholls

CryptoLocker ransomware is alive and well despite the FBI’s recent claim that "nearly all" computers infected by its botnet had been freed from criminal control, according to the security firm Webroot.

The company has warned that the public are still vulnerable to extortion through ransomware distributed by other botnets, including CryptoWall, New CryptoLocker, DirCrypt and CryptoDefense.

Tyler Moffitt, threat research analyst at Webroot, said: "While seizing the majority of the Gameover Zeus botnets from the suspected ‘mastermind’ Evgeniy Bogachev had a big impact on the number of computers infected with Gameover Zeus – about a 31% decrease – it’s a very bold claim to state that CryptoLocker has been ‘neutralised’.

"Although Evgeniy Bogachev and his group had control of a major chunk of Zeus botnets and command and control servers that deployed CryptoLocker, it was certainly not all or even the majority of Zeus botnets in existence."

International police took down the Gameover Zeus (GOZeuS) botnet responsible for distributing CryptoLocker in May, disrupting a virus which encrypts users’ files before demanding payment to decrypt them.

Following the takedown, the public was warned it had a two-week period in which to patch computers and prepare for the resurgence of CryptoLocker, which earlier this month was said by the FBI to be "effectively non-functional and unable to encrypt newly infected computers".


"The best way to stay protected by attacks like this is to utilize backups to either the cloud or offline external storage," Moffitt added.

Victims can now be required to install an encrypted browser to pay the ransom, allowing the malware's authors to cut out intermediaries and increase their profits.
