CryptoFortress Has An Unpleasant New Trick

Cryptolocker-type viruses have had the ability to encrypt mapped network drives before, but now any open SMB shares on the same network are up for grabs too. Ugh. Almost makes to you want to just go back to using pencil and paper.
A new encrypting ransomware called CryptoFortress was discovered yesterday by security researcher Kafeine that appears to be either a copycat or a new version of TorrentLocker. When looking at the ransom note and decryption site for both CryptoFortress and TorrentLocker the differences between the two appear to be small. On further inspection, though, we have discovered that CryptoFortress includes the new and nasty feature of being able to encrypt files over network shares even if they are not mapped to a drive letter.

No comments:

Post a Comment