CTB-Locker (Critroni) on the rise and using Tor

Attackers keep adopting new strategies to exploit vulnerabilities and grow their botnets. Critroni (also known as CTB-Locker) is a new malicious program being sold on underground forums. It uses the Tor network for its command-and-control servers, hiding the servers' location and masking the attackers' identity.

Critroni sells for about 3,000 USD and gives the buyer a platform for building a spam botnet. The bot can install additional malicious components and, like other ransomware, encrypts the victim's data and demands an online payment to get the files back. Holding files hostage this way is increasingly popular with cybercriminals: once the files are encrypted, recovering them without paying the attackers in bitcoins is practically impossible.

[Screenshot (ctb_start): Critroni's screen shown after locking the files]

The victim is given 72 hours to make the online payment and recover the files; after that, the attackers warn, the files will be destroyed and the data lost for good. The use of Tor makes the attackers hard to track, because the C&C server is reached over Tor and the victim's traffic never reveals an IP address that belongs to the criminals.
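As an added example (not code from the original post or from any CTB-Locker analysis), here is a small Python detector for the two behaviours the text describes: an outbound connection to a default Tor port, and a burst of extension-changing file renames from one process, which is what mass file encryption looks like to a host monitor. The log format, the process name `dropper.exe`, the addresses, the `.qzx` extension and the thresholds are all constructed for the example, and the Tor-port rule is only a heuristic: a bot using bridges or non-default ports would not trip it.

```python
"""Heuristic host-side detector for two ransomware indicators:
an outbound connection to a default Tor port, and a burst of file
renames that change the extension. Added example; the log format,
sample events and thresholds are assumptions, not CTB-Locker internals."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumption: default Tor ORPort, DirPort and SOCKS ports. A client using
# bridges or non-default ports is not caught, so treat this as one signal.
TOR_PORTS = {9001, 9030, 9050, 9150}
# Assumption: five extension-changing renames by one process inside ten
# seconds is unusual for a user application but routine for a file encrypter.
RENAME_BURST = 5
BURST_WINDOW = timedelta(seconds=10)

# Constructed sample log (not a real capture). One event per line: an ISO
# timestamp followed by key=value fields. Paths contain no spaces so the
# fields can be split on whitespace; the process name, the IPs and the
# ".qzx" extension are made up for the example.
SAMPLE_LOG = r"""
2014-07-18T10:00:01 pid=1420 image=winword.exe event=file_write path=C:\Users\alice\report.docx
2014-07-18T10:00:02 pid=1420 image=winword.exe event=file_rename src=C:\Users\alice\~tmp1.tmp dst=C:\Users\alice\report.docx
2014-07-18T10:00:03 pid=2210 image=firefox.exe event=net_connect dst=203.0.113.10:443
2014-07-18T10:00:04 pid=3172 image=dropper.exe event=net_connect dst=198.51.100.7:9001
2014-07-18T10:00:05 pid=3172 image=dropper.exe event=file_rename src=C:\Users\alice\report.docx dst=C:\Users\alice\report.docx.qzx
2014-07-18T10:00:05 pid=3172 image=dropper.exe event=file_rename src=C:\Users\alice\budget.xlsx dst=C:\Users\alice\budget.xlsx.qzx
2014-07-18T10:00:06 pid=3172 image=dropper.exe event=file_rename src=C:\Users\alice\photo1.jpg dst=C:\Users\alice\photo1.jpg.qzx
2014-07-18T10:00:06 pid=3172 image=dropper.exe event=file_rename src=C:\Users\alice\photo2.jpg dst=C:\Users\alice\photo2.jpg.qzx
2014-07-18T10:00:07 pid=3172 image=dropper.exe event=file_rename src=C:\Users\alice\notes.txt dst=C:\Users\alice\notes.txt.qzx
2014-07-18T10:00:08 pid=3172 image=dropper.exe event=file_write path=C:\Users\alice\Desktop\ransom_note.txt
"""


def parse_event(line):
    """Turn one log line into a dict; returns None for blank or malformed lines."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        event = {"ts": datetime.fromisoformat(parts[0])}
    except ValueError:
        return None
    for field in parts[1:]:
        key, sep, value = field.partition("=")
        if sep:
            event[key] = value
    return event


def detect(log_text):
    """Return a list of (pid, image, rule, detail) alerts in the order they fire."""
    alerts = []
    renames = defaultdict(deque)   # pid -> timestamps of extension-changing renames in the window
    burst_flagged = set()          # pids already reported, so one burst alert per process

    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        pid, image, kind = ev.get("pid"), ev.get("image"), ev.get("event")

        if kind == "net_connect":
            host, _, port = ev["dst"].rpartition(":")
            if port.isdigit() and int(port) in TOR_PORTS:
                alerts.append((pid, image, "tor_port_connect", f"{host}:{port}"))

        elif kind == "file_rename":
            if PureWindowsPath(ev["src"]).suffix == PureWindowsPath(ev["dst"]).suffix:
                continue   # extension kept: an ordinary rename, not interesting here
            window = renames[pid]
            window.append(ev["ts"])
            while window and ev["ts"] - window[0] > BURST_WINDOW:
                window.popleft()   # drop renames that fell out of the sliding window
            if len(window) >= RENAME_BURST and pid not in burst_flagged:
                burst_flagged.add(pid)
                alerts.append((pid, image, "rename_burst",
                               f"{len(window)} extension changes in {BURST_WINDOW.seconds}s"))
    return alerts


if __name__ == "__main__":
    for pid, image, rule, detail in detect(SAMPLE_LOG):
        print(f"ALERT {rule}: pid={pid} image={image} ({detail})")
```

On the sample log the single extension change by winword.exe stays below the threshold, while dropper.exe fires both rules. In practice the two signals are worth correlating: a process that both talks to Tor and rewrites many documents in seconds is a far stronger indicator than either event on its own, and the rename burst can trigger a response (suspending the process, snapshotting the share) before the 72-hour clock even matters.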

Here is more information about Critroni: http://malware.dontneedcoffee.com/2014/07/ctb-locker.html?view=classic

