CryptoLocker Ransomware, to date, generally spread via various online method such as fake emails containing the malware, drive-by downloads or via any other already infected malware. So far, the malware has been successful in infecting more users.
It appears the cyber criminals behind the cryptolocker malware are not satisfied with the infection ratio. So, they have added new features in their new version.
A new variant of cryptolocker has been detected by Trend Labs that comes with new features to spread from victim's machines. This variant has the ability to spread via Removable drives.
"This update is considered significant because this routine was unheard of in other CRILOCK variants. The addition of propagation routines means that the malware can easily spread, unlike other known CRILOCK variants." Researchers say.
Unlike the previous variants, the malware now uploaded in Peer to Peer (P2P) file sharing site, pretends to a cracker for various software such as Adobe Photoshop, Microsoft Office. This helps the attackers to easily infect systems without the need of spending time in sending spam mails.
However, the malware is failed to use a Domain generation algorithm(DGA), feature that enable the malware to evade detection as it use a large number of random domain names.
"This could mean that the malware is still in the process of being refined and improved upon. Thus, we can expect latter variants to have the DGA capability." Researchers said.
