Newest CTB-Locker Campaign Bypasses Legacy Security Products

Introduction

CTB-Locker is a well-known ransomware Trojan used by crimeware groups to encrypt files on the victim’s endpoints and demand ransom payment to decrypt the files back to their original state. Most antivirus products mistakenly detect it as CryptoLocker (only one vendor correctly detects it as CTB-Locker). The attack vector is very basic and repeats itself: it begins with a spear-phishing email carrying double-zipped SCR attachments. Once the user executes the attachment, the first-stage malware downloads and executes the ransomware from a fixed, hardcoded server list.

The Origins

The first known campaign was launched by Crimeware in November 2014. The first stage downloaded the ransomware from these sites:

  • pubbliemme.com (5.134.122.150)
  • agatecom.fr (213.186.33.19)
  • n23.fr (213.186.33.4)
  • baselineproduction.fr (213.186.33.4)


How To Protect Yourself From the Latest CTB-Locker Campaign

posted on: January 29, 2015 2:04 PM

filed in: Malware, Threat Prevention, Unit 42

CTB-Locker is a well-known ransomware Trojan used by crimeware groups to encrypt files on the victim’s endpoints and demand ransom payment to decrypt the files back to their original state. Earlier this week we detailed a new CTB-Locker campaign and why legacy security products won’t protect enterprise networks.

In this blog post we will detail how to protect yourself from CTB-Locker, even if you aren’t protected by Palo Alto Networks next-generation enterprise security.

Since our first blog post on the campaign, here are some updates: …


Special Ignite 2015 Offers Expire January 31

posted on: January 29, 2015 10:00 AM

filed in: Ignite

The Ignite Conference early bird rate expires on January 31. Register now to lock in your conference pass for just $1095. Admission is limited and this event will sell out.

SPECIAL OFFER


Customer Spotlight: Game, Set, Match for Australian Open Host

posted on: January 29, 2015 6:00 AM

filed in: Customer Spotlight, Firewall

Tennis Australia, the governing body for tennis in Australia and host of the Australian Open, was recently featured in the Brisbane Times for how it uses IT data to improve the experience of everyone from its own security team, to sports journalists covering the tournament, to customers looking to improve their backhands.

