From the course: Ethical Hacking: Denial of Service
Understanding Cryptolocker
- [Instructor] Cryptolocker has appeared in many evolutions. Let's take a look at how one of the more recent versions works. This version uses asymmetric encryption and bitcoin payment. The Cryptolocker ransomware is typically distributed through a botnet. When it first infiltrates the target, it copies itself onto disk with a randomly generated executable name. It then includes a startup command in the registry so that it can restart after a reboot. When Cryptolocker starts up, it attempts to communicate with its command and control server. It does this using its domain generation algorithm, as is usual with contemporary malware. It sends a message containing the version, the date, time of build, and the target name. If successful, it receives from the server a public key and the corresponding bitcoin address. A key is added to the registry with these values and a wallpaper file created containing instructions on how to pay the ransom. Cryptolocker then selects the files that it…
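The persistence and command-and-control behaviour described in the transcript above, turned into a host-level detection heuristic. This is an added example, not part of the course material: the event format, host names and sample values are constructed, and the Run key as the startup location, NXDOMAIN bursts as the visible side effect of a domain generation algorithm, and the thresholds are assumptions.

```python
import re
from collections import Counter

# Constructed sample telemetry (not real indicators): (host, event type, detail).
EVENTS = [
    ("ws-01", "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run -> C:\Users\amy\AppData\Roaming\Qzxkvjwpbtr.exe"),
    ("ws-01", "dns_nx", "xkqjvbwzptrmhd.example"),
    ("ws-01", "dns_nx", "wpkrtbnqzsdfgh.example"),
    ("ws-01", "dns_nx", "mqzvxtrbkwpnjd.example"),
    ("ws-02", "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run -> C:\Users\bob\AppData\Local\OneDriveSetup.exe"),
    ("ws-02", "dns_nx", "update.example"),
    ("ws-03", "dns_nx", "xkqjvbwzptrmhd.example"),
    ("ws-03", "dns_nx", "wpkrtbnqzsdfgh.example"),
    ("ws-03", "dns_nx", "mqzvxtrbkwpnjd.example"),
]

# Assumption: the startup command is written to a Run/RunOnce autostart key.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
NX_THRESHOLD = 3  # assumed minimum count of failed lookups for random-looking names


def looks_random(label: str) -> bool:
    """Crude heuristic: long, few vowels, few repeated characters."""
    s = re.sub(r"[^a-z]", "", label.lower())
    if len(s) < 8:
        return False
    vowels = sum(c in "aeiou" for c in s)
    return vowels / len(s) < 0.25 and len(set(s)) / len(s) >= 0.75


def suspicious_hosts(events):
    """Hosts showing BOTH random-named autostart persistence and DGA-like lookups."""
    persistence, nx_hits = set(), Counter()
    for host, kind, detail in events:
        if kind == "reg_set":
            key, _, target = detail.partition(" -> ")
            exe = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            # Autostart entry pointing at a random-named binary in a user profile.
            if RUN_KEY.search(key) and "\\Users\\" in target and looks_random(exe):
                persistence.add(host)
        elif kind == "dns_nx" and looks_random(detail.split(".")[0]):
            nx_hits[host] += 1
    return sorted(h for h in persistence if nx_hits[h] >= NX_THRESHOLD)


if __name__ == "__main__":
    print(suspicious_hosts(EVENTS))
```

Requiring both signals on the same host keeps a legitimately named autostart entry (ws-02) and a host with failed lookups alone (ws-03) out of the result.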