Ransomware authors have turned to the blockchain to facilitate their operations, using it to deliver decryption keys to victims who have paid up.
The new technique has been spotted in a recent version of the well-travelled CTB-Locker ransomware. CTB has been targeting Windows computers for some time but a new PHP-based variation has started targeting websites.
In its original form, once a victim of the ransomware paid up to unlock their files (encrypted by the malware upon infection), a script called access.php was used to contact the hacker's back-end server and retrieve a decryption key.
Security researchers at Sucuri reckon that the hackers have turned away from that method because of its relative unreliability: hacked websites hosting the PHP file could be cleaned up by their owners, and having to maintain a list of hacked servers would be "a hassle" for the criminals.
In an ingenious turn to make hackers everywhere shed a tear of pride, the authors behind CTB-Locker have started using the blockchain to deliver keys instead.
The technique was first spotted by Sucuri in March and relies on an information field in the Bitcoin protocol introduced in 2014. The malware creates a unique Bitcoin wallet address for every infection and then, once the victim pays up in bitcoin, sends a bogus transaction in the opposite direction carrying the key. For the full article, click here.
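The mechanism described above, from an analyst's side, as an added example that is not code from the article or from Sucuri: the example assumes the "information field introduced in 2014" is the OP_RETURN output script (opcode 0x6a, made a standard transaction type in Bitcoin Core 0.9 in 2014), and that transactions are inspected in the verbose JSON shape returned by a node's `getrawtransaction`, where each output's script appears as `vout[i]["scriptPubKey"]["hex"]`. The sample transaction and payloads are constructed for illustration; no real CTB-Locker transaction or key format is shown.

```python
"""Locate and decode data-carrier (OP_RETURN) outputs in a Bitcoin transaction.

Added example, not from the original article. Assumption: the data field
referred to in the article is OP_RETURN. Inputs below are constructed.
"""
from typing import Optional

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C   # next 1 byte  = payload length
OP_PUSHDATA2 = 0x4D   # next 2 bytes = payload length (little-endian)
OP_PUSHDATA4 = 0x4E   # next 4 bytes = payload length (little-endian)


def decode_op_return(script_hex: str) -> Optional[bytes]:
    """Return the bytes pushed after OP_RETURN, or None if this is not a data-carrier script.

    Handles direct pushes (1..75 bytes) and the three PUSHDATA forms, and
    rejects truncated scripts rather than returning a partial payload.
    """
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return None
    if len(script) == 1:
        return b""                       # bare OP_RETURN, no payload
    opcode = script[1]
    if 1 <= opcode <= 75:                # opcode value is the byte count
        start, length = 2, opcode
    elif opcode == OP_PUSHDATA1 and len(script) >= 3:
        start, length = 3, script[2]
    elif opcode == OP_PUSHDATA2 and len(script) >= 4:
        start, length = 4, int.from_bytes(script[2:4], "little")
    elif opcode == OP_PUSHDATA4 and len(script) >= 6:
        start, length = 6, int.from_bytes(script[2:6], "little")
    else:
        return None                      # OP_0 / OP_1..OP_16 or malformed: not decoded here
    data = script[start:start + length]
    if len(data) != length:
        return None                      # script shorter than the declared push
    return data


def build_op_return(payload: bytes) -> str:
    """Encode a payload as an OP_RETURN scriptPubKey (hex). Used here to construct test data."""
    if len(payload) <= 75:
        push = bytes([len(payload)])
    elif len(payload) < 0x100:
        push = bytes([OP_PUSHDATA1, len(payload)])
    elif len(payload) < 0x10000:
        push = bytes([OP_PUSHDATA2]) + len(payload).to_bytes(2, "little")
    else:
        push = bytes([OP_PUSHDATA4]) + len(payload).to_bytes(4, "little")
    return (bytes([OP_RETURN]) + push + payload).hex()


def find_data_carrier_payloads(tx: dict) -> list:
    """Walk a verbose transaction's outputs and collect every OP_RETURN payload.

    `tx` follows the node JSON shape {"vout": [{"scriptPubKey": {"hex": ...}}, ...]}.
    """
    found = []
    for vout in tx.get("vout", []):
        data = decode_op_return(vout.get("scriptPubKey", {}).get("hex", ""))
        if data is not None:
            found.append(data)
    return found


if __name__ == "__main__":
    # Constructed transaction: one data-carrier output, one ordinary P2PKH output.
    sample_tx = {
        "vout": [
            {"value": 0.0, "scriptPubKey": {"hex": build_op_return(b"constructed-payload")}},
            {"value": 0.5, "scriptPubKey": {"hex": "76a914" + "00" * 20 + "88ac"}},
        ]
    }
    for payload in find_data_carrier_payloads(sample_tx):
        print("OP_RETURN payload:", payload)
```

An analyst watching the wallet address a victim paid into can run `find_data_carrier_payloads` over each transaction that later spends toward the victim, which is exactly the "bogus transaction in the opposite direction" the article describes; the decoder refuses truncated pushes so a malformed script yields `None` rather than a partial payload.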
from hacker samurai http://ift.tt/1SGzDqG
via IFTTT