The Crypto Virus

One of the most popular instruments for cyber criminals

Learn all about the crypto virus.


The danger of Crypto Trojans

CEO fraud, phishing and crypto viruses are among the attack methods that cyber criminals increasingly prefer, particularly in attacks on companies. The attackers are quite creative when it comes to turning their malicious activities into money.

This was impressively demonstrated by the recent attacks of Petya, WannaCry and Jaff. Amongst others, public institutions, such as British hospitals, were directly affected by polymorphic crypto viruses.

The same applies to large corporations, such as the pharmaceutical company Merck, various car manufacturers and telecommunication providers, who have also been victims of these blackmail trojans. In the end, however, it also affected smaller companies.

All you have to know about the crypto virus

How cleverly the attackers proceeded with the crypto virus Locky

Professional cyber criminals are quite ingenious when it comes to infiltrating targeted systems. Many ransomware attacks delivered by email can be detected through specific characteristics such as faulty spelling, but not all cyber criminals are that negligent. For the crypto virus Locky, the attackers used a clever pretence that a company employee would not associate with a ransomware attack: the malware was disguised as a job application.

The perpetrators used ordinary names and thus behaved very inconspicuously. The same applied to the composition of the applications and to the other attachments, such as the photos of the supposed applicants. The crypto virus Locky hid in an inconspicuous ZIP file attached to the email. Once opened, the attachment unfolded its full effect and encrypted the affected system. From then on, users had only restricted access to their files, or none at all. The crypto virus specifically infiltrated individual systems and even encrypted entire networks.

The crypto virus Locky in a new form

In 2016, the capabilities of the crypto virus Locky became apparent within a short time, as it spread very quickly. In this case, the cyber criminals showed their creative power. The attackers used an invoice in the file attachment as a pretence. The demand and the invoice stated in the email seemed convincing enough.

Activation required only a simple double-click. This started the process of loading the Trojan onto the target system through disguised code, and the crypto virus began encrypting. Immediately after that, the ransom demand was made through a program window.

The files of the affected parties could only be restored from a backup. There was no other possibility at that time. The problem lay in the various versions of the crypto virus Locky, for which no universal decryption key existed. What's more, the quality of the email content steadily increased, so that the emails appeared very authentic.

The victims of a crypto virus are usually deceived

The users of the infected systems were offered decryption of their files through the purchase of decryption software specially adapted to the user. This method can be seen as a ransom demand. The approach is common practice for cyber criminals who perform a ransomware attack. Even when the decryption software is received, it is not guaranteed that the user can access their data again. For this reason, IT professionals recommend not paying the ransom.

State institution as decoy for the crypto virus

At a later stage of the attack wave, the crypto virus Locky reached its peak. The senders no longer used just company names, but also the names of official institutions such as the Federal Criminal Police Office. The email claimed to have security software attached with which the ransomware could be completely removed from the affected computers. The file was, however, the Trojan horse itself, which ultimately gave the crypto virus its access. Even this approach was successful for the perpetrators.

Advanced Threat Protection not only protects you against crypto viruses:

Protection from ransomware

Protection from blended attacks

Protection from digital espionage
