Feeds

We're making TOO MUCH CASH, say CryptoLocker scum in ransom price cut

Bitcoin bubble prompts 'generous' cybercrooks to slash their demands

Top three mobile application threats

The soaring price of BitCoin has prompted the cybercrooks behind the infamous CryptoLocker malware to reduce the levy they impose on victims from 2 BTC to 0.5 BTC.

The reduced price scam was spotted in variants of the malware, which encrypts personal files on infected Windows PCs, spotted earlier this week by security firm F-Secure.

Sean Sullivan, a security researcher with the Finnish security company, writes that the unknown crooks behind the scam are simply following regular business practices ultimately geared at maximising the return from their nefarious activities.

The price of Bitcoin has been wildly volatile lately. And that type of commodity volatility affects Bitcoin's ability to act as a currency because prices are quickly driven out of whack. Even for ransomware such as CryptoLocker.

As previously reported, Cryptolocker encrypts the contents of a hard drive and connected local area drive using asymmetric cryptography before demanding payment for a private key need to unlock the data. Victims are typically told they need to pay the ransom within 72 hours if they ever want to see their data again. More recently, an ancillary service has sprung up that allows the retrieval of data at a higher price beyond the 72 hours deadline. Victims are required to upload an encrypted file in order for the service to match it with a key – during which time a "Pac-Man" animation is displayed, F-secure notes.

The value of Bitcoin has rocketed since the scam surfaced in September, so that what started out as a demand for $300 was costing victims $1,400 earlier this week; a price many victims might well balk at paying.

CryptoLocker normally arrives in email as an executable file disguised as a PDF, packed into a .zip attachment. A spam run targeting millions of UK consumers prompted a warning from the UK National Crime Agency last week. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.