HackRead

Fake Google Chrome update leads to CTB Locker/Critroni Ransomware

By Waqas, February 5th, 2015. Filed under: Cyber Crime, Malware, Scams and Fraud, Security

A ransomware threat is on the loose that encrypts the data on the infected computer and then displays a message asking the victim to pay a fee to unlock the files. The ransomware is called Critroni and is also referred to as CTB-Locker.

Chrome installers are downloaded from multiple locations:

The malicious payload is downloaded from websites that the attackers have compromised in order to host it, Jerome Segura from Malwarebytes reported.


The threat works by dynamically redirecting the user through a website identified as assetdigitalmarketing[.]com/redirect[.]php. The next thing the victim sees is a file that appears to be an installer for Google Chrome. Encryption begins as soon as the installer is launched, and the ransom message is delivered at the end of the operation.
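A defender-side check for the delivery chain described above, as an added example that is not part of the original article: it scans proxy-log lines for the reported redirector and for Chrome-named installers fetched from hosts outside an allowlist. The log format, the allowlist, the file-name pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Redirector named in the article; stored defanged, refanged only for matching.
IOC_HOST, _, IOC_PATH = "assetdigitalmarketing[.]com/redirect[.]php".replace("[.]", ".").partition("/")
# Assumption: domains accepted as genuine Chrome download sources.
TRUSTED_SUFFIXES = ("google.com",)
# Assumption: file names posing as a Chrome installer or update.
INSTALLER_RE = re.compile(r"chrome[\w.-]*\.(exe|msi|scr)$", re.IGNORECASE)

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def classify(url):
    """Return 'redirector', 'fake-installer' or None for one requested URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if under(host, IOC_HOST) and parts.path == "/" + IOC_PATH:
        return "redirector"
    filename = parts.path.rsplit("/", 1)[-1]
    if INSTALLER_RE.search(filename) and not any(under(host, d) for d in TRUSTED_SUFFIXES):
        return "fake-installer"
    return None

def scan(log_lines):
    """Return (client, verdict, url) for each flagged 'timestamp client url' line."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        verdict = classify(fields[2])
        if verdict:
            hits.append((fields[1], verdict, fields[2]))
    return hits

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    "2015-02-05T10:01:02Z 10.0.0.15 http://%s/%s?id=1" % (IOC_HOST, IOC_PATH),
    "2015-02-05T10:01:04Z 10.0.0.15 http://compromised-site.example/dl/ChromeSetup.exe",
    "2015-02-05T10:03:00Z 10.0.0.22 https://dl.google.com/chrome/install/ChromeSetup.exe",
    "2015-02-05T10:04:00Z 10.0.0.30 https://google.com.lookalike.example/chrome_update.exe",
    "2015-02-05T10:05:00Z 10.0.0.31 http://news.example/index.html",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The allowlist matches whole domain labels, so a lookalike host that merely begins with a trusted name is still flagged.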


The data can be accessed without paying the ransom if the malware is an older version. This is because the older version does not delete the shadow copies of the files created by the Windows Volume Shadow Copy Service. In the event that the files are not otherwise recovered, they can still be retrieved with a program called Shadow Explorer; however, not every version has this flaw.

New CTB-Locker is pricier than before:

The latest versions of Critroni come with an extended grace period for making the bitcoin payment: 96 hours rather than the original 72. However, this comes at a higher cost; in the summer of 2014, the demand was a few hundred dollars more instead of less than 50.

It also contains versions of the ransom message in various languages and, as a sign of good faith, allows the victim to decrypt a total of five items.

The newest release of the ransomware has seemingly been caught by Malwarebytes (detected as Trojan.ZBAgent.NS), as the payment request is for 2 bitcoins (currently about $450/€400) with a 96-hour deadline. The victim’s files are encrypted when the waiting period is over, after which the decryption key is also deleted from the server.

Users who encounter the scam should remember that Google Chrome updates itself automatically in the background without the user needing to intervene. When the user re-launches the application, the new version becomes available and the entire process runs smoothly.

Internet Explorer receives its updates via Windows Update while Mozilla Firefox has an automatic update process.

Notifications of a new program version are not delivered by email; the alerts are built into the program. It is therefore wise to verify any available revision of the application in question rather than updating from a link received through email.
