Bitcoin Ransomware Now Spreading via Spam Campaigns

Security firms McAfee Labs and Symantec have issued warnings that a type of bitcoin-demanding ransomware, CTB-Locker, is now being propagated through spam campaigns.
The malware, the name of which stands for ‘Curve Tor Bitcoin Locker’, was first identified last year. However, the spam distribution approach appears to be a relatively new development.
McAfee published its latest advisory last week, describing CTB-Locker as a form of ransomware that encrypts files on the target computer. Anecdotal evidence suggests .jpg image files are a frequent target. The victim then has to pay a ransom to have the files decrypted.
Symantec said in a recent blog that crypto malware is ‘particularly nasty to deal with’.
How it works
Upon installation, CTB-Locker injects malicious code into the ‘svchost.exe’ file, creating a scheduled task for moving and encrypting files.
The malware encrypts the compromised files using elliptic curve cryptography, which appears to be equivalent in strength to RSA encryption with a 3,072-bit key.
Once the encryption is complete, the user is informed of the attack through a pop-up ransom message.
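A defender-side check that follows from the description above, added here as an example (it is not from the original post or from either vendor's advisory): a file that still carries a .jpg name but has lost the JPEG signature and has a near-random byte distribution is consistent with having been overwritten by ciphertext. The sample contents below are constructed; the entropy threshold is an assumed tuning value.

```python
import math
import os
from collections import Counter

# Every JPEG begins with the SOI marker FF D8 followed by another marker (FF).
JPEG_MAGIC = b"\xff\xd8\xff"


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum (uniform random bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted_jpeg(data: bytes, threshold: float = 7.5) -> bool:
    """True when the bytes lack the JPEG signature AND are close to random.

    Entropy alone is not enough: JPEG is compressed, so a healthy image also
    scores high. The missing signature is the discriminator; the entropy test
    then keeps plain text or empty files renamed to .jpg from being flagged.
    """
    return not data.startswith(JPEG_MAGIC) and shannon_entropy(data) >= threshold


def scan_samples(samples: dict) -> list:
    """Return the names of .jpg entries whose contents look like ciphertext."""
    return sorted(name for name, data in samples.items()
                  if name.lower().endswith(".jpg") and looks_encrypted_jpeg(data))


def scan_directory(path: str) -> list:
    """Same check over real files in one directory (non-recursive)."""
    found = {}
    for name in os.listdir(path):
        full = os.path.join(path, name)
        if os.path.isfile(full) and name.lower().endswith(".jpg"):
            with open(full, "rb") as fh:
                found[name] = fh.read(65536)  # a prefix is enough for the test
    return scan_samples(found)


# Constructed stand-ins: a healthy JPEG header, a text file misnamed .jpg, and
# a block of bytes that cycles evenly through all 256 values (8.0 bits/byte)
# standing in for ciphertext that replaced an image.
SAMPLES = {
    "holiday_001.jpg": JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + bytes(range(256)) * 4,
    "notes.jpg": b"meeting notes, nothing to see here\n" * 100,
    "holiday_002.jpg": bytes((i * 37 + 11) % 256 for i in range(4096)),
}

if __name__ == "__main__":
    print("suspicious:", scan_samples(SAMPLES))  # prints: suspicious: ['holiday_002.jpg']
```

A production monitor would pair this with a rate check (many such files appearing within a short window), since a single odd file is weak evidence on its own.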

This post was published at Coin Desk on January 26, 2015.