Bitcoin Ransomware Education – CryptoDefense

The Bitcoin ransomware family is a lot larger than most people anticipated. While there are a ton of different variants based on some of the more modern strains, every version of ransomware has its own traits that need to be highlighted. CryptoDefense is a different version of CryptoLocker, and it made the “developers” quite a lot of money in 2014.

Also read: Bitcoin Ransomware Education – TeslaCrypt

CryptoDefense Hackers Reign In Over US$34,000

TheMerkle_Bitcoin Ransomware CryptoDefense

CryptoLocker will always remain one of the most popular versions of Bitcoin ransomware according to the media, but there are different variants based on the same code which have seen their fair share of “success” as well. CryptoDefense is based on the CryptoLocker codebase, and over 11,000 infections were recorded between February and May of 2014.

What makes Bitcoin ransomware so effective is the combination of techniques used to infect a host computer.  However, the usage of the Tor network to make Bitcoin payments for additional layers of anonymity is interesting as well, since it makes it a lot harder to track down the people responsible for spreading this malware.

Moreover, ransomware would not be such a big threat if the encryption was easy to break. CryptoDefense users RSA-2048 encryption, making it all but impossible ty bypass the malware infection without paying the Bitcoin ransom. Additionally, there is the usage of timers, which will increase the ransom amount to be paid if the demand is not met within a specific time frame.

CryptoDefense did not resort to extraordinary tactics for infecting computers all over the world, though. Most of the malware infections happen through email attachments, which were usually labelled as a set of images in a zip file. As soon as the malware is executed on the computer, it will attempt to communicate with one of four remote locations. Receiving a successful reply should not too long, which then initiates the encryption of computer files and transmits the private key to the associated server.

It has to be said, however, how CryptoDefense was rather helpful in getting people to use the Tor protocol. The Bitcoin ransomware solution provided instructions to download a Tor browser and enter the associated web address to make the Bitcoin payment. Ransom amounts would range from 500 USD/EUR to increasing amounts if the money was not paid within the first four days of being infected.

Based on the information provided on the Symantec website, CryptoDefender creators reigned in an estimated US$34,000 in less than one month of distributing the malware. This number may not be as lucrative compared to other forms of Bitcoin ransomware, but it is still a significant amount.

Source: Symantec

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.