Ransomware Education – CryptoLocker Introduced Timed Bitcoin Payments

Staying on the topic of [Bitcoin] ransomware for a few days, it is important to take a look at which different types of this software have given Bitcoin such a bad name throughout the years. The first main Bitcoin ransomware to make a name for itself was called CryptoLocker, and the software is still claiming victims to this very day. Even though various alternatives have been released throughout the years, CryptoLocker will always be the one linking ransomware to Bitcoin.

Also read: Chainanalysis Partners with Europol’s European Cybercrime Centre

CryptoLocker Wreaks Havoc On Computers Worldwide

The first time anyone came in contact with CryptoLocker was during the September 2013 period, after a lull in the number of ransomware attacks. Even though security experts were well aware the threat was far from over, CryptoLocker took all of them by surprise, as it was much harder to detect, or even fix without paying the associated fee.

Whoever developer CryptoLocker remains unknown to this point, but they were quite well versed in technology and encryption by the look of things. CryptoLocker was the first type of ransomware to use a 2048-bit RSA key pair to decrypt computer files, which is incredibly difficult to brute force.

Additionally, CryptoLocker uploaded this key pair to a command-and-control server, and a whitelist of file extensions was created which would then be encrypted by the ransomware. As is the case with any of these infections, users were greeted with a message asking them to pay a certain fee if they wanted to restore access to their files.

But this is where CryptoLocker set itself from Reveton, as it was the first time Bitcoin was mentioned as a supported payment method. During those days, a lot of people assumed Bitcoin was an entirely anonymous form of transferring money around the world, even though nothing could be further from the truth.

Things didn’t end there, though, as CryptoLocker introduced another parameter to the ransomware game. Bitcoin payments had to be made within a specific time limit – usually, 3-5 days – or the encrypted files would be inaccessible forever, as the associated decryption key would be destroyed automatically. However, if the timer expired, users were given a second chance to pay for access, albeit the fee would be increased to 10 Bitcoin.

June of 2014 was a critical period, as the ransomware was traced down to the Gameover ZeuS botnet, which was shut down by law enforcement. Wikipedia statistics indicate roughly US$3m was extorted through the CryptoLocker malware over the course of less than one year.

Source: Wikipedia

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.