ESET researchers have spotted a new variant of ransomware - CTB-Locker spreading in Europe and Latin America over the past two days. It encrypts user’s files and requests ransom in Bitcoins.
Infection starts when victims receive an e-mail with the subject “fax”, containing an attachment infected with Win32/TrojanDownloader.Elenoocka.A – a trojan downloader which after connecting to Internet downloads other malware – in this case the Win32/FileCoder.DA, known as CTB-Locker. Upon successful opening in the victim’s device, CTB-Locker encrypts all files on the device, locks its screen and displays a ransom message.
For more detailed analysis of CTB-Locker ransomware, please visit WeLiveSecurity.com.
Raphael Labaca Castro
Editor in Chief, We Live Security