Bitcoin Ransomware Education – Cryptlock

CryptoLocker will always remain the most well-known form of Bitcoin ransomware ever to exist, which resulted in a fair amount of different strains based on this malware. Cryptlock is one of those examples, as it is a new breed of CryptoLocker that was first discovered on February 21, 2016. However, chances of getting infected with this malware are fairly slim for most users, as it only seems to target older operating systems.

Also read: Bitcoin Ransomware Education – Cryptorbit

Cryptlock Is Less Of A Threat

TheMerkle_CryptLock Bitcoin Ransomware

What makes Cryptlock of particular interest is how this type of Bitcoin ransomware will only affect older versions of the Microsoft Windows operating system, except Windows 7. Windows NT, XP, Vista, and 2000 are all vulnerable to Cryptlock, making it a very low threat for companies such as Symantec.

Similar to CryptoLocker, Cryptlock spreads itself by hiding in email attachments, which are then downloaded onto a host computer. One way to circumvent this installation is by limiting user privileges, so they are unable to execute files on the computer or network. Additionally, read-only mode on most devices and computers might be a good idea as well.

Similar to nearly every other form of Bitcoin ransomware, Cryptlock will lock the computer’s screen and encrypts all of the necessary files. This type of malware will disguise itself as a legitimate message from local law enforcement, informing the user they have broken the law, yet can get away with it by paying a fee in Bitcoin.

However, not all of the Cryptlock versions rely on Bitcoin payments, as some other versions prefer more traditional and accessible payment solutions. This type of behavior was first displayed by Reveton, the “mother” of all Bitcoin ransomware types to exist in the past five years. MoneyGram, uKash, and MoneyPak are among these preferred payment methods.

Removing Cryptlock has proven to be less of a hassle compared to other types of Bitcoin ransomware. Installing Norton Power Eraser on the computer seems to be doing the trick just fine, as the software will perform a list of rootkit scans. Cryptlock is on the list of threats, and the program should have little effort with taking the proper actions.

Unlike most versions of Bitcoin ransomware, Cryptlock does not seem to prevent users from accessing files by restoring a previous backup. Shadow volumes seem to remain safe from harm when a computer is infected by Cryptlock, which is an interesting change. Making this malware easy to remove should lead to very few people paying the ransom, either in Bitcoin or through other means.

Source: Malwarefixes

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.