CryptoLocker ransomware is alive and well despite the FBI’s recent claim that "nearly all" computers infected by its botnet had been freed from criminal control, according to the security firm Webroot.
The company has warned that the public are still vulnerable to extortion through ransomware distributed by other botnets, including CryptoWall, New CryptoLocker, DirCrypt and CryptoDefense.
Tyler Moffitt, threat research analyst at Webroot, said: "While seizing the majority of the Gameover Zeus botnets from the suspected ‘mastermind’ Evgeniy Bogachev was a big impact to the number of computers infected with Gameover Zeus – about a 31% decrease – it’s a very bold claim to state that Cryptolocker has been ‘neutralised’.
"Although Evgeniy Bogachev and his group had control of a major chunk of Zeus botnets and command and control servers that deployed CryptoLocker, it was certainly not all or even the majority of Zeus botnets in existence."
International police took down the Gameover Zeus (GOZeuS) botnet responsible for distributing CryptoLocker in May, disrupting a virus which encrypts users’ files before demanding payment to decrypt them.
Following the takedown the public was warned it had a two week period in which to patch computers and prepare for the resurgence of CryptoLocker, which earlier this month was said by the FBI to be "effectively non-functional and unable to encrypt newly infected computers".
"The best way to stay protected by attacks like this is to utilize backups to either the cloud or offline external storage," Moffitt added.
Victims can now be required to install an encrypted browser to pay the ransoms, allowing authors to skip middlemen and increase profits.