Categories: CryptoNews

CTB-Locker Sends Decryption Keys Over Bitcoin Blockchain

An interesting article has surfaced on PC World, which details how Bitcoin ransomware infections through CTB-Locker can be solved by looking at Bitcoin transactions. Or to be more precise, that would be the most positive outcome as this malware apparently stores decryption keys within the metadata of Bitcoin transactions.

Also read: ShapeShift CEO Erik Voorhees Reveals Hack Was an Inside Job

A New Way To Crack CTB-Locker?

CTB-Locker has proven to be quite an annoying strain of Bitcoin ransomware, which has been all but impossible to crack by security experts. Up until now, that is, as it turns out finding these decryption keys is not as difficult as originally assumed. But it will not be a walk in the park either; that much is certain,

According to the PC World article, the author of CTB-Locker has come up with the ingenious way of storing the decryption key for every infection on the Bitcoin blockchain. Keeping in mind how all of these transactions are broadcasted to the public, the creators have designed this method to deliver the decryption keys to victims who paid the ransom.

This is a step up from the previous c&c server strategy Bitcoin ransomware used. CTB-Locker would send information back to the creator’s own servers to confirm the payment, and that same route would be used to deliver the decryption key to the victim. But this is not the most reliable method and a new solution had to be found.After all, why not use the Bitcoin blockchain?

Related Post

The OP_RETURN field found within the Bitcoin source code makes this principle possible. This same function lets users include a message or other data with every transaction, and can easily hold a decryption key. Although these transactions are not validated by the blockchain – assailants create bogus tx on purpose – it is still recorded on the blockchain.

Once this step has been completed, the CTB-Locker ransomware will execute a script to scan the blockchain for the transaction history linked to the Bitcoin address used. The decryption key is extracted from the bogus transaction, and file access is restored. In a way, this system is elegant and kind of interesting, although it is being used for nefarious purposes.

Source: PC World

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

WIF Set to Overtake BONK? Lunex Soars with 100x Potential in Altcoin Season

As altcoin season heats up, all eyes are on the rising stars—especially Lunex, which is…

3 hours ago

Binance Coin Price Dips: BNB Holders Rush To Lunex Presale To Hedge Their Long Positions

While the broader market witnessed a notable upward movement, Binance Coin (BNB) experienced a decline…

3 hours ago

Crypto Stalwarts Forecasted 800% Growth in Innovative Projects: VeChain, Rollblock and Polkadot!

This blazing crypto bull run has investors looking for the next top altcoins set to…

3 hours ago

Dogecoin Price Set To Recreate 36,000% Rally From 2021 After Pennant Formation

The Dogecoin price is back in the limelight, captivating the crypto world with its recent…

3 hours ago

Is XRP About to Explode? How Trump’s Victory Is Affecting XRP Price Amidst JetBolt Growth

Ripple’s XRP showed a 68% price increase in the last 7 days following Trump's victory,…

3 hours ago

Ethereum Down While Bitcoin, Solana, and JetBolt Skyrocket In End November 2024

Ethereum stumbles as Bitcoin surges past $97K, Solana eyes new highs, and JetBolt’s presale shakes…

6 hours ago