CTB-Locker Dangerous Ransomware

Users Shouldn’t Open Suspicious Files From Strange E-Mails

Infection vectors for CTB-Locker range from drive-by attacks to specially crafted email attachments that, once executed, connect to a C&C server and download the malware. We strongly encourage that all users be educated about general security rules, so as to avoid clicking suspect links or opening email attachments from untrusted sources.
Because each CTB-Locker sample is unique and randomly generated, no anti-malware vendor can guarantee that all samples will be detected. We are monitoring the malware family and working on detection methods that are as proactive as possible.

We have now developed a vaccine that allows users to immunize their computers and block any file encryption attempts, even if they become infected with the malware.

Please make sure that your security solution is constantly updated and that all its features are enabled. Bitdefender’s AVC (Active Virus Control) relies on heuristic signatures that identify the behavior of the malware, even if the sample has never been seen before. However, because samples are constantly “engineered” to avoid all anti-malware detections, keeping up with these new samples is not an easy task.

Here are a few security best practices that you can adhere to, so as to minimize the risk of being infected with CTB-Locker:

• Use an antivirus solution that is constantly updated and able to perform active scanning;
• Keep your Windows operating system updated with the latest security patches;
• Schedule file backups (either locally or in the cloud), so data can be recovered in case of corruption;
• Follow safe internet practices by not visiting questionable websites, not clicking links or opening attachments in emails from uncertain sources, and not providing personally identifiable information in public chat rooms or forums.

How to deal with CTB-Locker ransomware?

Bitdefender protects against all currently known versions of file-encrypting ransomware. So far, there have been two large waves of infections, and our products have promptly added signatures that detect those variants. We have also started developing a generic behavior-based signature that is able to spot similar future versions. Malware developers are making our work increasingly difficult because they are constantly developing new versions of this threat that evade all anti-malware detection mechanisms. However, our teams are hard at work actively thwarting these attempts. It is vital that you use an up-to-date security solution and instruct employees not to open suspicious emails or attachments. Please refer to the following article for some additional best practices, so as to protect yourself from ransomware.

Is it possible to decrypt files affected by this Trojan?

Currently, there is no way to retrieve the private key used to encrypt the files without paying the ransom on the CTB-Locker site. Paying the ransom fee doesn't guarantee decryption, and we do not recommend the procedure. Brute-forcing the encryption key is not realistic due to the large amount of time required to break the RSA-2048 key.
Encrypted files may be restorable from backups, file recovery tools, or (if they were not corrupted) from Shadow Volume Copies.

Bitdefender Protection

Bitdefender’s AVC (Active Virus Control) continuously monitors applications throughout their entire lifetime, looking for malware-like actions. Each malicious action is scored, and an overall score is computed for each process. When the overall score for a process reaches a threshold, the process is considered malicious and AVC will take action against it, based on the settings configured in your policy.
Besides AVC, Bitdefender’s IDS (Intrusion Detection System) also monitors the system for suspicious activities (e.g. unauthorized attempts to alter Bitdefender files, DLL injections, keylogging attempts etc.). Both modules, AVC and IDS, are designed to protect PCs against these types of advanced threats.
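To illustrate the scoring model described above (per-action scores accumulated per process, with a verdict once a threshold is reached), here is an added toy monitor run over constructed log lines. It is not Bitdefender's AVC or IDS code; the action names, weights, threshold and log format are all assumptions made for the example.

```python
"""Toy behaviour-scoring monitor (constructed example, not Bitdefender's AVC/IDS)."""
from collections import defaultdict

# Assumed per-action scores: ordinary activity scores low, the kinds of
# actions the text lists (DLL injection, keylogging, tampering with AV
# files, mass file modification) score high. Weights are illustrative.
ACTION_SCORES = {
    "write_file": 1,
    "rename_file_unknown_ext": 3,
    "mass_file_modification": 10,
    "dll_injection": 8,
    "keylogging_hook": 8,
    "tamper_av_files": 15,
}
THRESHOLD = 20  # assumed policy threshold at which a process is deemed malicious


def parse_log(text):
    """Parse constructed lines of the form 'pid=<n> name=<s> action=<s>'."""
    events = []
    for line in text.strip().splitlines():
        fields = dict(part.split("=", 1) for part in line.split())
        events.append((int(fields["pid"]), fields["name"], fields["action"]))
    return events


def score_events(events, threshold=THRESHOLD):
    """Accumulate a score per process over the event stream.
    Returns {pid: (name, score_at_verdict)} for processes that crossed
    the threshold; unknown actions add 0 so they never trigger a verdict."""
    scores, names, flagged = defaultdict(int), {}, {}
    for pid, name, action in events:
        names[pid] = name
        scores[pid] += ACTION_SCORES.get(action, 0)
        if scores[pid] >= threshold and pid not in flagged:
            flagged[pid] = scores[pid]  # verdict is reached at this event
    return {pid: (names[pid], s) for pid, s in flagged.items()}


# Constructed sample log: a document editor doing normal work alongside a
# process that injects a DLL and then modifies many files.
SAMPLE_LOG = """\
pid=1001 name=winword.exe action=write_file
pid=1001 name=winword.exe action=write_file
pid=2002 name=attachment.exe action=dll_injection
pid=2002 name=attachment.exe action=rename_file_unknown_ext
pid=2002 name=attachment.exe action=mass_file_modification
pid=2002 name=attachment.exe action=mass_file_modification
pid=1001 name=winword.exe action=rename_file_unknown_ext
"""

if __name__ == "__main__":
    for pid, (name, score) in score_events(parse_log(SAMPLE_LOG)).items():
        print(f"pid {pid} ({name}) flagged with score {score}")
```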
Because cyber-criminals constantly “engineer” new malware samples that evade all anti-malware detections, no security solution guarantees 100% protection. To avoid ransomware infections, we recommend backing up important data on a regular basis, instructing employees to be cautious when opening attachments or emails received from untrusted sources, and exercising maximum care when executing suspicious files or clicking on dubious URLs.
If you encounter any type of threat, we will provide our best and swiftest assistance. Once you contact Bitdefender support, we will work with you to find the best solution to your situation.