Companies on the CTB Locker

According to the latest reports of the Bitdefender software manufacturer, the wave of spam containing ransomware viruses is beginning to reach the business mailboxes of employees of French companies, but this does not mean that the malicious campaign will bypass Polish companies.

Ransomware is a type of software used by cybercriminals to attack users' computers. Their operation consists not only in the unconscious user entering the computer, but also on encrypting data on the disk. Typically, decrypting files is possible after transferring a certain amount of money to an online villain's account.

Spam messages containing attachments.cab are stylized to look like a genuine message from a colleague. Email messages look like authentic invoices and are sent to management departments.

The content of the message invites people to open the .cab file, which is a self-executing archive. After running the file, cryptoware CTB Locker is executed on the user's computer and encrypts defined file extensions. Connected external drives, file servers and backups are also encrypted.

The company is thus called upon to pay a ransom to obtain decryption of files in a relatively short time - usually about 72 hours.

How can the user and companies protect themselves against this threat?

The messages sent usurp the identity of the victim's colleague, which builds a layer of trust and credibility. They are well-written, in the user's language, making them even harder to identify as cheating. Users are asked to pay special attention when opening e-mails from unknown senders, especially when they contain attachments. It should also be remembered that the documents we receive most often are not sent as a Cab file.

The key is to use appropriate proactive protection against threats such as malicious files and programs, but you should also regularly back up files to an external drive, not connected to a computer or network, to avoid losing any sensitive data with one double click.

source: Bitdefender



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.