
Tracking the Locker

If you are reading this blog, chances are that you’ve been bombarded with news and information about the infamous Cryptolocker for months now.

However, for a threat THIS dangerous, it’s important to get the word out as much as possible and in as many ways as possible.

A blog post written today on the TechNet Blog site by Marianne Mallen and Karthik Selvaraj provides some very interesting statistical data about the Cryptolocker infection over the last few months. In it, they say that Cryptolocker infected over 34,000 systems between this September and early November.

However, that number might become much larger with the announcement from the U.K.’s National Crime Agency, warning of a massive spammed e-mail attack containing Cryptolocker variants against U.K. residents. Potentially millions of users could fall victim.


They also mention that Cryptolocker affects mostly English-speaking countries, with all of the currently seen distribution e-mails (with Cryptolocker attached) written in English.

In addition, 79 percent of the infections were located in the U.S. alone. Again, the latest news from the U.K. might change that number but it does support the English-speaking targets statistic.

Finally, they note that Cryptolocker is distributed by other malware as well, such as ZBot, a widely used and spammed banker trojan. Their data is very interesting and well worth the read.

As a countermeasure, they of course reference backups but also recommend using Windows System Restore and even SkyDrive for Windows 8.1.

So, if you are wondering when you are going to STOP hearing about Cryptolocker, the answer is probably not for a very long time. As I mention in the soon-to-be-published Malwarebytes 2013 Threat Report, Cryptolocker is only the beginning of this style of ransomware.

As we have seen a great reduction in the “FBI” style ransomware, this new method, which dealt a huge blow to the security community, will most likely become the new standard for 2014.

So, while you might not be hearing about new Cryptolocker infections six months from now, you will most certainly be hearing about malware that was developed with Cryptolocker in mind.

At the end of the day, users are going to have to be more proactive and take the security of their own documents and images much more seriously.

Backups, updates and protection for your operating system are a requirement and will continue to be so as we move into the next year.

Thanks for reading, safe surfing and DFTBA!


Adam Kujawa

Director of Malwarebytes Labs

Over 14 years of experience fighting malware on the front lines and behind the scenes. Frequently anachronistic.