
CryptoDefense ransomware can now be installed in ‘drive-by’ downloads

Hackers generously offer to decrypt one file free of charge.

By Jimmy Nicholls

A potent new type of ransomware can now be installed as people casually browse the web, in what have been termed "drive-by" attacks, it has been revealed.

CryptoDefense makes use of Java to install itself onto vulnerable systems without any action being taken by the recipient, a delivery system more dangerous than the email attachment method revealed by Symantec in March.

In a report, security firm Bromium Labs said: "With the widespread success and proliferation of such ransomware, it’s obvious that traditional approaches to end user security are failing to offer countermeasures against this kind of threat."

Ransomware locks up a computer system by encrypting files, blackmailing the user by demanding payment in order for the system to be unlocked.

"The rate of new crypto malware attacks seems to be increasing. It appears to be a profitable business for the underground crimeware gangs," Bromium added.

Another report by Symantec revealed that 11,000 instances of the virus had been detected by the end of March, earning an estimated $34,000 for the crime gang responsible. Similar malware Cryptolocker was thought to have earnt $27m in bitcoins by the end of last year.

Bromium expect ransomware to become more prominent as time goes on, an impression partially justified given yesterday’s reports of widespread ransomware among Apple customers in Australia.

Ransoms issued from CryptoDefense increase over time, with payment being demanded through Bitcoin. The malware also disables system restore, an advance over its rival Cryptolocker.

Victims are encouraged not to pay to have their systems unlocked, but instead to contact the support team of the system they are using. Bizarrely, the unlocking service offers to decrypt one file free of charge before you make a payment.

"It is worth to consider Isolation based security technologies that put a barrier between your real host computer and any malware of this nature," Bromium said.
