Home » Antivirus » Online Ad Campaigns imitate as the CryptoLocker

CryptoLocker is a newly discovered Windows malware threat that encrypts user information and makes it unreadable. It asks the user for a specific amount of money to decrypt the information. As of December, 2016, the designers of CryptoLocker were able to extract in $50 million in just hundred days. So, in what may be called a try to ride this cash cow, is a threat recently discovered by McAfee. If having any issue, contact McAfee technical Support. Here is small information about it.

Online Ad Campaigns imitate as the CryptoLocker

How the Malware Works?

McAfee considers this malware as FraudTool.Legtot.A3. The malware generally pretends to do something related to what the CryptoLocker does to the information of the targeted user.

When processed, the malware copies itself to Appdata folder with an extension ‘svhost .exe’. Its name is shown as CrytoLocker to the user. The malware stops all running applications in the computer as well as Explorer. It adds AutoRun entries that permit it to process automatically whenever the device is started.

Does the Malware Encrypt User Files for genuine?

In authenticity, the malware does not encrypt any data in the user device. By displaying a message as shown above, it takes benefit of the threat that most user have about the Cryptolocker. What the malware does is it stops the user from using the device by continuously monitoring running applications and stopping them.

What occurs if User replies to the Message?

If the user taps the Open Survey link in the message box, it opens up a browser with several ad campaigns that go via the following phases:

totally-legit.biz → filesquick.net → glispa.com that serves ads from Shophunk, BigFlix and even suggest apps such as Chat.

This advertisement on shophunk.com attracts users to purchase mobiles at unbelievably cheap prices by participating in a contest.

These ads show that malware writers are taking advantage of Affiliate Interfaces like the glispa.com and social engineering.

Another instance of an ad campaign targeted by the malware is one from BigFlix Entertainment that claims to provide unlimited movie streaming for the first month of subscription at just Rs.1. Users are strongly suggested not to get attracted by such too-good-to-be-true advertisement campaigns and end up paying money to fraud online shopping websites. To block forge and phishing websites, that steal user data, try McAfee Internet Security that provides real-time web security from online threats.

Data, once encrypted by them, cannot be recovered without buying the private key. And once this malware is found by antivirus software, it is eliminated from the system. So, even if a victim changes his/her mind to pay the ransom and get back their ‘important’ data, they won’t be able to. Users have been time and again suggested not to pay any money to the ransomware. But let’s say a business is going down as its data got encrypted by CryptoLocker. It is most likely, that the business owner will pay the money. It seems like the developers of CryptoLocker might have thought on such possibilities and came up with an online decryption service. This service is for those who still want to get their lost data. Retrieval of data using this method is 10 Bitcoins or around $2,120 USD.

How does the Service Function?

The user has to upload an encrypted file on the service page, after that they will receive an order number. This number can be used to check the status of the order. Once an order is found, the user will be lured to buy the private key. If the payment matches the amount asked by CryptoLocker, then the user will get the private key and a decrypt key to recover their data.