New Breed of Crypto-Locker Ransomware Hits UAE

The ransomware encrypts and locks users’ data until a ransom of 8 Bitcoins, equivalent at present to $1680, is paid to the attackers.

In the last couple of days, IT security solutions vendor ESET has been observing a surge in a new type of cyber-attack. Dubbed CTB-Locker, it is a new variant of the ransomware family and is affecting organizations within the GCC, in particular the UAE, where ESET has recorded multiple incidents in a short period of time.

Commenting on the way in which the malware spreads, Mohamed Djenane, Security Specialist, ESET Middle East, said, “It starts with a simple email. Organizations in the UAE are getting targeted email, mainly having a subject containing the word ‘fax’. This email contains an attachment infected with a trojan downloader.” Once downloaded by an unsuspecting victim, the trojan downloader connects to the internet and downloads the main CTB-Locker malware. On execution, CTB-Locker encrypts specific file formats on the infected device, locks the user’s screen and displays a ransom message.

ESET offered the following advice to users and organizations to eliminate or at least reduce the impact of the new CTB-Locker attack:

Have a data backup mechanism in place; this eliminates the need to pay anything, since you already have a backup copy of your data.
Keep your operating system and antivirus solution up to date.
Never open email attachments if you are not 100% sure about the identity of the sender.
Provide extensive awareness training and cyber education for employees, as per the best security practices.
Report any suspicious activity to the IT team early.
