Security Researchers Spot New Ransomware Nicknamed “CryptoFortress”
Pcrisk.com reported on 5th March, 2015 that security researchers have discovered a new ransomware, CryptoFortress, in the wild.
The ransomware gets onto systems through infected email messages and fake downloads (for example, rogue video players and fake Flash updates). After a successful intrusion, it encrypts the files stored on the computer and demands a ransom of one Bitcoin (sometimes one Bitcoin is equivalent to around US$300) for the decryption key.
CryptoFortress is similar to another ransomware infection known as TorrentLocker because it uses source code for the ransom notes and other web pages from TorrentLocker. However, this is a new and unique variant of ransomware.
After finding a supported data file, CryptoFortress makes a copy and extends the name with the .frtrss extension. The data of the file is encrypted, and the original file name and extension are then restored. Users are permitted to decrypt two selected files (up to 500 Kb in size) free of charge, as proof that all remaining files will be decrypted after the payment is made.
Disturbingly, CryptoFortress attacks were discovered last month in Australia.
Scmagazineuk.com published news on 9th March, 2015 quoting Carl Leonard, Principal Security Analyst of security firm Websense, as saying: “Unfortunately this looks really bad as once your files are encrypted, you might consider them as lost. Hence, the most important thing here is to protect yourself from any incoming tricks and lures and you should create a backup file storing all these files separately offline because even if ransomware intrudes your system, it will not be able to encrypt those.”
He added: “The general state of ransomware is that it is still prevailing and causing damage and most alarmingly it has been evolving as we progress through 2015. Once a machine is infected and files get encrypted, there is little a user can do to counter it. To strengthen the overall security measures, we recommend that enterprises should raise awareness amongst their employees about base of dangers and signs of ransomware and implement suitable technologies to identify and protect from the threat during the early phase of the threat cycle.”