Security Researchers Fail to Take Down CryptoLocker Malware

Researchers from the group Malware Must Die have failed in their attempt to take down the command-and-control (C&C) nodes used by the CryptoLocker malware.

The researchers compiled a list of 138 domains used as communication channels for the malware. Damballa, an anti-botnet company, says that most of these domains were suspended, yet CryptoLocker was back in operation almost immediately. That outcome is what a domain-based takedown of CryptoLocker should be expected to produce: its bots locate their C&C through a domain generation algorithm that yields a fresh set of candidate domains each day, so suspending a fixed list only removes one day's snapshot and the operators simply register from the next batch.

Adrian Culley, a technical consultant at Damballa, says he is not surprised that CryptoLocker was quickly revived: Malware Must Die's effort would have been far more effective had it been followed by post-takedown analysis.

Culley stated, “It is no surprise that the announcements of the death of CryptoLocker appear to have been somewhat premature. An essential part of the process is post-takedown analysis, which may turn out to be a post-mortem, or a triage of the zombie remnants of a botnet, or may indeed confirm that the botnet is very much still alive and kicking.”

Culley added, “It is essential to undertake this analysis post any sinkholing activity which does appear to have happened in this instance. CryptoLocker appears to have the same resilience as many other C&C based attacks. Efficient post-mortems lead to better surgery and this is just as true of botnet remediation as it is medically.”

So far CryptoLocker has affected thousands of people. It typically arrives as a .zip email attachment containing an executable disguised as a PDF: the file carries a PDF icon and a double extension such as invoice.pdf.exe, which Windows displays as invoice.pdf when extensions for known file types are hidden. If the user opens the attachment and the executable runs, files on the local drives and on any mapped network (LAN) drives are encrypted. The encryption uses a key pair whose private half never leaves the attackers, so once the files are encrypted there is no way to decrypt them except by restoring from a clean backup or paying for the private key.
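The attachment trick described above (an executable with a document-style double extension inside a .zip) is exactly what a mail gateway or triage script can check for before the file reaches a user. The following is an added example, not code from the original article or from any vendor named in it; the extension lists, the sample archive and the file names in it are constructed for illustration. It flags archive members whose final extension is executable, members whose name pairs a document extension with an executable one, and members that carry a PE header under a harmless-looking name.

```python
import io
import zipfile

# Extensions Windows treats as directly executable; a mail gateway should never let
# these through inside an archive without inspection. (Illustrative list, not exhaustive.)
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Document extensions an attacker pairs with one of the above ("invoice.pdf.exe").
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows executable (DOS header)


def extensions(name):
    """'dir/Invoice.PDF.exe' -> ['.pdf', '.exe']; names without a dot give []."""
    base = name.rsplit("/", 1)[-1].lower()
    return ["." + p for p in base.split(".")[1:]]


def explorer_display_name(name):
    """What the victim sees with Explorer's default 'Hide extensions for known file types':
    only the final extension is hidden, which is the whole point of the double extension.
    (Assumes the final extension is one Windows knows.)"""
    base = name.rsplit("/", 1)[-1]
    head, dot, _ext = base.rpartition(".")
    return head if dot else base


def suspicious_members(zip_bytes):
    """Return [(member, reason)] for archive members that look like disguised executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            exts = extensions(info.filename)
            last = exts[-1] if exts else ""
            try:
                with zf.open(info) as fh:
                    head = fh.read(len(PE_MAGIC))
            except RuntimeError:
                # Password-protected member: the gateway cannot see the content,
                # so treat it as uninspectable rather than clean.
                findings.append((info.filename, "encrypted member, cannot inspect"))
                continue
            if last in EXECUTABLE_EXTENSIONS:
                if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS:
                    shown = explorer_display_name(info.filename)
                    findings.append((info.filename, "double extension: shown as %r" % shown))
                else:
                    findings.append((info.filename, "executable attachment"))
            elif head == PE_MAGIC:
                findings.append((info.filename, "PE header under a non-executable name"))
    return findings


def build_sample_zip():
    """Constructed sample (not a real CryptoLocker attachment): a PE stub with a
    document-style double extension, PE bytes under a plain .pdf name, and two benign files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_2013.pdf.exe", PE_MAGIC + b"\x00" * 62)
        zf.writestr("scan.pdf", PE_MAGIC + b"\x00" * 62)
        zf.writestr("readme.txt", b"Please find the invoice attached.\n")
        zf.writestr("real.pdf", b"%PDF-1.4\n%fake body\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in suspicious_members(build_sample_zip()):
        print(f"{member}: {reason}")
```

The magic-byte check matters because renaming is free for the attacker: a member called scan.pdf that begins with MZ is still a Windows executable once the user saves and double-clicks it, and an extension filter alone would pass it.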

Jason Glassberg, co-founder of the security firm Casaba, believes that common sense plays a huge part in keeping the malware off your company's computers.

Glassberg stated, “Like any other piece of malware, common sense goes a long way. The critical thing is it’s not going to install files by itself. You have to initiate some action.”

Malware authors keep developing more sophisticated attacks, which makes it harder for companies to keep their data secure, so a robust backup solution is vital. Using a replication product as your backup is particularly dangerous here: if CryptoLocker encrypts your data and the encrypted files are then replicated, the replica holds the same ciphertext and there is no earlier state to restore. You are left either paying for the private key or accepting that the data is gone. A backup that survives this kind of attack has to be a point-in-time copy that is retained for a period, rather than a mirror that is overwritten by whatever the source currently contains.
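The difference between a replica and a point-in-time backup is easiest to see end to end: the same infection, copied into both, and an attempt to restore from each. The simulation below is an added example and not code from the original article or from any backup product mentioned on the page. The file contents, the backup runs and the "infection" are constructed; the encryption routine is a hash-based keystream standing in for the real malware's cipher, used only because it destroys magic bytes and drives entropy towards 8 bits per byte in the same way real ciphertext does. The restore logic also shows the check a practitioner wants when a backup set may already contain encrypted files: pick the newest snapshot in which nothing looks like ciphertext.

```python
import hashlib
import math
import os

# Magic bytes a well-formed file of each type starts with. A copy that has lost them
# is almost certainly ciphertext. (Illustrative list.)
MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".png": b"\x89PNG"}


def shannon_entropy(data):
    """Bits of entropy per byte: text and office files sit well below 7.5, ciphertext near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(path, data):
    """Heuristic: lost magic bytes for a known type, or near-random content in a sizeable file."""
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None and not data.startswith(magic):
        return True
    return len(data) >= 1024 and shannon_entropy(data) > 7.5


class MirrorReplica:
    """Replication: the copy always equals the current source. No history is kept."""
    def __init__(self):
        self.files = {}

    def sync(self, source):
        self.files = dict(source)

    def restore(self):
        return dict(self.files)


class SnapshotBackup:
    """Point-in-time backup: each run is an immutable snapshot that later runs never overwrite."""
    def __init__(self):
        self.snapshots = []  # (label, {path: bytes}) in chronological order

    def run(self, label, source):
        self.snapshots.append((label, dict(source)))

    def restore_last_clean(self):
        """Newest snapshot in which no file looks encrypted; None if every snapshot is poisoned."""
        for label, files in reversed(self.snapshots):
            if not any(looks_encrypted(p, d) for p, d in files.items()):
                return label, dict(files)
        return None


def toy_encrypt(data, key):
    """Stand-in for the malware's per-file encryption (SHA-256 keystream XOR, NOT a real
    cipher and not what CryptoLocker uses). Enough to wipe magic bytes and randomise bytes."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def simulate():
    """Constructed scenario: two clean runs, then the share is encrypted, then a third run.
    Returns (what the mirror can restore, what the snapshot backup can restore)."""
    source = {
        "report.pdf": b"%PDF-1.4\n" + b"Quarterly figures. " * 200,
        "notes.txt": b"meeting notes\n" * 100,
    }
    mirror, backup = MirrorReplica(), SnapshotBackup()
    for label in ("day1", "day2"):
        mirror.sync(source)
        backup.run(label, source)
    key = b"attacker-held-key"  # the private half that the victim never gets without paying
    source = {p: toy_encrypt(d, key) for p, d in source.items()}  # infection hits the share
    mirror.sync(source)       # replication faithfully overwrites the only copy with ciphertext
    backup.run("day3", source)  # the newest snapshot is poisoned, but day1 and day2 survive
    return mirror.restore(), backup.restore_last_clean()


if __name__ == "__main__":
    mirror_copy, clean = simulate()
    print("mirror report.pdf encrypted:", looks_encrypted("report.pdf", mirror_copy["report.pdf"]))
    print("last clean snapshot:", clean[0] if clean else None)
```

The snapshot store in this example is in memory; in practice the point is that the backup target is not writable by the infected machine (a mapped drive that the malware can reach is just another victim) and that retention is long enough to reach back before the infection was noticed.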

Are you afraid of the CryptoLocker malware? Do you utilise a robust backup solution?

One thought on “Security Researchers Fail to Take Down CryptoLocker Malware”

  1. These types of threats never fully go away. I have been up against this one a few times and I haven't seen something so destructive in a very long time. One company did lose about a year's worth of information due to poor backup practices, and even shadow copy was off. They are now fully backed up using modern local backups and a good online backup on each system. The good thing about online backup is that in the event of something like CryptoLocker they can restore their backups and make it so that corrupted online backups are changed to clean backups, so nothing is lost. Always use more than one method of backing up to make sure that, no matter what, files are safe and restorable.
