A new wave of crypto ransomware targeting Luxembourg

A new wave of attacks impacting companies and individuals is on the rise in Luxembourg since a few days. The infection known as ‘CTB-Locker’ or ‘Critroni crypto ransomware’ is delivered mainly through spam messages and email attachments (i.e. ZIP files, via Flash…).

A new wave of attacks impacting companies and individuals is on the rise in Luxembourg since a few days. The infection known as ‘CTB-Locker’ or ‘Critroni crypto ransomware’ is delivered mainly through spam messages and email attachments (i.e. ZIP files, via Flash…).

Encrypts the victims’ files

This type of malware encrypts the victims’ files on logical drives like local hard drives, removable drives and server shares (mapped network drives), which usually contain a lot of sensitive information. When the encryption process is finished, the malware demands a payment in order to receive the decryption key. The amount requested ranges currently from ~500 to ~1.500 Euro and it has been reported that this malware is quite financially successful for the attackers. Infections with a crypto ransomware can be devastating to impacted organizations especially when critical company information is no longer accessible.

“These infections result in your files being locked and the inability to access them anymore, unless you pay to get the decryption key and access your files again. The attackers who are running these types of campaigns are professionals and have learned to implement cryptography methods correctly for their benefit. The first recommendation we make is to do regular backups and to not pay the attackers”, explains Sascha Rommelfangen, from CIRCL (photo).

ctblocker-s

Security best practises guide

The main recommendation CIRCL makes is to always perform regular backups of the personal files. Such malware also impacts USB drives and network attached servers. We strongly recommend to keep the backups on separate devices.
Companies and IT operators will need to ensure that they can restore files from their backups and have an adequate retention period.

  • Keep your software up-to-date including browser plug-ins like Flash player, Java, Silverlight,…
  • Do not open attachment or click on links from unsolicited emails links can be reviewed on CIRCL URL abuse
  • Ensure that your Antivirus is up-to-date
  • Don’t hesitate to contact CIRCL in case of an incident.