Bitcoin Ransomware Education – CryptoFortress

A few less common types of Bitcoin ransomware are still in circulation right now, although most people will have never heard of these variants. Every type of malware has its own quirks, and CryptoFortress is no different in that regard. On top of encrypting files and asking for payment, CryptoFortress turned out to be a vastly different creature.

Also read: Yobit Exchange Plagued By Withdrawal And Coin Listing Delays

CryptoFortress Is TorrentLocker With A Twist

The TorrentLocker strain of Bitcoin ransomware has created many types of offspring, yet CryptoFortress is one of the most unique offerings in the malware world to date. While this ransomware represents a payment page and ransom message nearly identical to TorrentLocker, infection poses an additional threat to the end user.

In fact, CryptoFortress was not created by the same group responsible for TorrentLocker, as a new collective appears to have stolen that malware’s HTML template and CSS files. Originality is not that difficult in the ransomware world, yet some people prefer to put in even less effort to earn some money, even if it is in illegitimate ways.

Under the hood, things are vastly different between TorrentLocker and CryptoFortress though. For starters, both types of malware are spread through different means, as TorrentLocker relies on spam emails, whereas CryptoFortress uses an exploit kit to infect computers all over the world.

Additionally, CryptoFortress has the ransomware included in the malware executable itself, as there is no control server such as presented by TorrentLocker. Both solutions use different types of cryptographic libraries (Microsoft CryptoAPI versus LibTomCrypt), and the CryptoFortress ransom amount is fixed at one Bitcoin.

Similar to the TorrentLocker ransomware, CryptoFortress also deleted any shadow volumes users might have stored on their devices. This prevents accessing files by loading a backup of the system onto the computer. Not a very pleasant situation, especially when considering how this malware would also encrypt files on network shares.

The end of 2014 was a trying time for computer users all over the world, as both CryptoFortress and TorrentLocker were running in parallel. A combination of spam emails and an exploit kit put a lot of consumers at risk, although the number of infections remained relatively low, all things considered.

Source: We Live Security

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.