CTB-Locker is a well-known ransomware Trojan used by crimeware groups to encrypt files on victims' endpoints and demand a ransom payment to restore the files to their original state, but most antivirus products misdetect it as CryptoLocker (only one vendor correctly detects it as CTB-Locker). The attack vector is very basic and repeats itself: it begins with a spear-phishing email carrying an SCR attachment (double-zipped). Once the user executes it, the first-stage malware downloads and executes the ransomware from a fixed, hardcoded server list.
The first known campaign was launched by Crimeware in November 2014. The first stage downloaded the ransomware from these sites:
- pubbliemme.com (126.96.36.199)
- agatecom.fr (188.8.131.52)
- n23.fr (184.108.40.206)
- baselineproduction.fr (220.127.116.11)
Earlier this week we detailed a new CTB-Locker campaign and why legacy security products won't protect enterprise networks.
In this blog post we will detail how to protect yourself from CTB-Locker, even if you aren't protected by Palo Alto Networks' next-generation enterprise security.
Tennis Australia, the governing body for tennis in Australia and host of the Australian Open, was recently featured in the Brisbane Times for how it uses IT data to improve the experience of everyone from its own security team, to sports journalists covering the tournament, to customers looking to improve their backhands.