Security Researcher Provides Free Decryption of CTB-Faker Ransomware

Once again, there is a new type of ransomware in town, which shows a lot of similarities with the once feared CTB-Locker malware strain. However, this tool does something different, as it uses WinRAR to lock data in password-protected zip files. This is an interesting take on file encryption, although it may not be as worrisome as people may think at first glance.

CTB-Faker Ransomware Is A Different Breed

Throughout the past few months, internet criminals have been stepping up their game when it comes to creating powerful ransomware. Even though CTB-Faker borrows a lot of its code from CTB-Locker, do not take this threat lightly. Getting infected with this malware will make computer files inaccessible, which is never a good thing.

That being said, it is possible to decrypt the data, although it will take a more complicated process than normal. Interestingly enough, CTB-Faker often spreads through adult websites, particularly those promoting private striptease dance videos. Visitors to these platforms are invited to download a zip file containing an executable file, which is the CTB-Faker ransomware.




So far, this method of attack has proven to be quite lucrative for internet criminals. One of the Bitcoin addresses used by this malware has received 577 BTC in payments so far. Not bad for a rather harmless ransomware, even though it can be quite annoying to deal with for the average user. Paying the ransomware fee of US$50 in Bitcoin is usually the preferred action, as it is a rather small price to pay compared to other forms of malware.

Security researchers have discovered the CTB-Faker name is aptly chosen, considering how little of a threat this malware truly poses. Instead of using SHA-512 and RSA-4096 encryption to lock files, it uses the standard encryption used by the WinRAR software. One researcher has found a way to break this encryption for free, and he will gladly help infected users do so.
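As an added illustration (not code from this article or from the researcher), the Python sketch below shows how a responder could confirm that a supposedly "encrypted" file is really a password-protected ZIP archive by reading the per-entry flags in its central directory. The function names and the sample archive are constructed for this example, and the script does not recover any password.

```python
import io
import zipfile

ENCRYPTED = 0x01      # general-purpose flag bit 0: entry needs a password
STRONG = 0x40         # bit 6: PKWARE strong encryption
WINZIP_AES = 99       # compression method used for WinZip AES entries

def triage(data: bytes) -> dict:
    """Report whether a supposedly 'encrypted' file is a password-protected ZIP."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"container": "unknown", "entries": []}
    entries = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # central directory only, no password needed
            if not info.flag_bits & ENCRYPTED:
                scheme = "none"
            elif info.compress_type == WINZIP_AES:
                scheme = "winzip-aes"
            elif info.flag_bits & STRONG:
                scheme = "pkware-strong"
            else:
                scheme = "traditional"
            entries.append({"name": info.filename, "size": info.file_size,
                            "protected": scheme != "none", "scheme": scheme})
    return {"container": "zip", "entries": entries}

def constructed_sample(protected: bool) -> bytes:
    """Build a one-entry ZIP in memory; optionally flag the entry as protected.
    Constructed test input: only the header flags are set, the data is not encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("Documents/report.docx", b"constructed sample content")
    raw = bytearray(buf.getvalue())
    if protected:
        raw[6] |= ENCRYPTED                            # local file header flags
        raw[raw.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # central directory flags
    return bytes(raw)

if __name__ == "__main__":
    for label, blob in (("locked", constructed_sample(True)),
                        ("plain", constructed_sample(False)),
                        ("opaque", bytes(range(256)))):
        print(label, triage(blob))
```

A result of `container: zip` with protected entries means the original file names and sizes are still listable, which helps scope what was locked before any recovery attempt.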

While the ransom note provided by CTB-Faker may be very worrisome, none of its claims can be backed up. Moreover, the low ransom price point makes it appealing to less tech-savvy computer users to just pay the money and have file access restored. But rest assured a free solution is available when reaching out to the right people.
