Explain how CryptoLocker works, and discuss its mutation from a trojan to a worm.
- [Voiceover] CryptoLocker has appeared in many evolutions. Let's take a look at how one of the more recent versions works. This version uses asymmetric encryption and Bitcoin payment. The CryptoLocker ransomware is typically distributed through a botnet. When it first infiltrates the target, it copies itself onto disk with a randomly generated executable name. It then includes a startup command in the registry, so that it can restart after a reboot. When CryptoLocker starts up it attempts to communicate with its command and control server.
It does this using its domain generation algorithm, as is usual with contemporary malware. It sends a message containing the version, the date, time of build, and the target name. If successful, it receives from the server a public key, and a corresponding Bitcoin address. A key is added to the registry with these values, and a wallpaper file created, containing instructions on how to pay the ransom. CryptoLocker then selects the files that it wants to encrypt. These include JPEGs, docs, spreadsheets, PowerPoint files,…
Released 6/10/2016
Note: Our Ethical Hacking series will map to the 18 parts of the EC-Council's certification exam. This course maps to the 09 Denial of Service domain.
- What is denial of service?
- SYN flooding
- Smurf and URL flooding
- Deauthenticating a wireless host
- Flooding HTTP
- Using BlackEnergy
- Flooding SIP
- Detecting DoS with PeerShark
- Defeating DoS attacks
Video: Understanding CryptoLocker