Security Researchers have come across a new variants of the Crypto-Ransomware that is designed to encrypt files on infected machines.
One of the variants spotted by Trend Micro, dubbed as CryptoBlocker, infects only files smaller than 100Mb in size and will not infect system and application files.
TrendMicro said this new variant does not use CryptoAPIs and uses Advanced Encryption Standard(AES) to encrypt files instead of RSA.
Researchers believe the author of this variant might be new to creation of ransomware because the compiler notes haven't been removed from this binary.
Another variant spotted by both Symantec and TrendMicro Researchers uses GnuPG, an open source implementation of the OpenPGP standard, to encrypt files.
"The threat downloads the 1024-bit RSA public key and imports this key through an option in GnuPG. The malware then encrypts the victims’ files by using GnuPG’s Encrypt Files option with the public key." Symantec researchers wrote.
The victims won't be able to decrypt the encrypted files without the private key which is in the hands of cyber criminals. The malware asks users to pay about $200 to get the key.
One more variant of the Ransomware spotted by TrendMicro as Critroni or Curve-Tor-Bitcoin (CTB) Locker, uses TOR to mask its command and control server(C&C) communications.