Ransomware targeting users in the UAE
CTB-Locker ransomware incidents rising in the region says ESET
A new variant of ransomware appears to be affecting users in the GCC and the UAE in particular, according to security company ESET.
ESET said that it has recorded multiple incidences of the CTB-Locker ransomware in the region in a short space of time. CTB-Locker encrypts and locks users data and attempts to extract a ransom of 8 bitcoins, currently equivalent to $1680, from the victim.
The new ransomware which was identified by ESET researches has been observed all over the world with the highest density in Europe and Latin America. There is a big similarity between CTB-Locker and Crypto-Locker, an infamous piece of ransomware that has been making rounds in the cyber community since September 2013. While they both operate in the same manner in terms of encrypting the victim's machine, CTB-Locker uses a different type of encryption algorithm.
Commenting on the way in which the malware spreads, Mohamed Djenane, security specialist, ESET Middle East said: "It starts with a simple email. Organisations in the UAE are getting targeted email, mainly having a subject containing the word 'fax'. This email contains an attachment infected with a trojan downloader. Once downloaded by an unsuspecting victim, the trojan downloader connects to the internet and downloads the main CTB-Locker malware. On execution, CTB-Locker will encrypt specific file formats on the infected device, lock the users screen and display a ransom message."
ESET is advising organisations to backup data, keep operating systems and anti-virus solutions up to date, and educate users on the risks of cyber attacks.