We will compare CryptoWall and CTBLocker in terms of their communication methods, the way they select target files, and their encryption methods. Compared with CryptoLocker and CryptoWall, CTBLocker is even harder to track, because it communicates with C&C servers through the Tor network instead of connecting directly to them. It targets all current versions of Windows, such as Windows XP, Windows Vista, Windows 7 and Windows 8. The C, T and B are the three core components of the ransomware respectively they represent Elliptical Curve (its encryption algorithm), Tor (its communication protocol) and Bitcoin (its ransom currency). ‘CTBLocker’ is short for ‘Curve Tor Bitcoin Locker’. On top of these, another piece of ransomware, called CTBLocker, was found in July 2014 right after CryptoWall was discovered. It also disables Windows Update and error reporting in order to avoid detection. It deletes the volume’s shadow copies and disables the Windows Error Recovery screen at start-up to increase the difficulty of recovering files. Compared to CryptoLocker, CryptoWall is stealthier as it uses the Tor network to host payment websites in order to avoid being tracked and discovered. Sometimes files can be recovered after paying the ransom, but sometimes not.
Once the computer was infected, the targeted files were encrypted and a payload popped up to demand a ransom. Both CryptoLocker and CryptoWall propagated as attachments or malicious links through email messages. Millions of computers were infected within five months, and CryptoWall is still active now.
After a few months’ silence, a new variant, CryptoWall, appeared in late 2014. It caught a lot of researchers’ attention at that time, and it was finally isolated in late May 2014. Millions of computers were infected, billions of files were encrypted, and millions of dollars’ worth of ransom was collected within several months. The CryptoLocker ransomware was first discovered in late 2013.
0 kommentar(er)
