Bitcoin is increasingly used for malware money demands


By Zach Copley

Bitcoin, the virtual currency whose presence grows day by day amid somewhat overheated excitement and which will eventually be convertible at ATMs, has now turned up in the world of online fraud as well: cases have appeared in which money is demanded in Bitcoin.

You're infected-if you want to see your data again, pay us $300 in Bitcoins | Ars Technica
http://arstechnica.com/security/2013/10/youre-infected-if-you-want-to-see-your-data-again-pay-us-300-in-bitcoins/

Malware that infects computers, makes files unusable, and demands money in exchange for restoring them continues to rage. Malware that extorts money kidnapper-style, with a message along the lines of "pay the ransom if you want your files back", is called ransomware, and the number of cases using Bitcoin as the payment method is increasing. Nick, who handles computer troubleshooting, described the following case on condition of anonymity.

The other day, an e-mail claiming to be from "Intuit" arrived for the person in charge of accounting at one of Nick's clients. Believing the e-mail was from Intuit, a company that sells business software for small businesses, the client opened the zip file attached to it without suspicion. Immediately afterwards nothing appeared to happen except that a white window flashed several times on the screen, but in fact the computer was infected with malware at that moment. Not noticing this, the client left the computer as it was and went to a meeting. Several hours later, abnormal files were found on several computers connected to the network, and it turned out that all of them had been accessed by the accounting department's computer.

Although countermeasures were taken promptly, it turned out that all important files stored on multiple computers had been encrypted and were unusable. A window then appeared on the screen with a message saying that unless 300 dollars or 300 euros was remitted within 72 hours, the recovery password would be permanently discarded.


This malware is called "CryptoLocker"; as the name indicates, it encrypts (crypto) files and locks them. It claims that 2048-bit RSA is used for the encryption, but whether that is true is not certain. When the client, fearing that the data would be erased unless something was done, clicked "Next", a screen for accepting payment in Bitcoin or MoneyPak was apparently displayed.



Fortunately, this client reportedly succeeded in recovering the files, but in many cases files were lost with no response even after money was actually sent. In some cases the malware can be temporarily stopped by changing the date and time setting in the computer's BIOS, but above all it is important not to touch suspicious files. Taking security measures, making thorough backups, and not readily paying money to this type of fraud are important for preventing the damage from spreading.

in Note, Web Service, Posted by darkhorse_log