Anti-Malware Research

Cryptolocker weekly haul? More than 10k victims

Bitdefender Labs researchers have reverse-engineered the Cryptolocker domain generation algorythm and sinkholed the relevant domains between October 27 and November 1.

During that period, 12016 infected hosts tried to contact the sinkholed domains; the majority of connection attempts came from US-based IP addresses. in fact, judging by the distribution of infected hosts and the payment methods available, it would seem that only systems in the US are targeted, with the rest being collateral damage.



The domain generation algorithm is used to avoid the possibility that the network gets shut down by authorities, by generating new command and control subdomains every day. However, once it has been reverse engineered, security researchers can pre-register the relevant domains and count connection attempts.

Cryptolocker servers are changed very often – it is rare that a command and control server remains online for more than a week. During the monitored period, command and control servers were located in Russia, Germany, Kazakhstan and the Ukraine – but this is simply an indication of the controllers’ predilection for constant “server-hopping”.

Almost all the cryptolocker command and control servers also host a public payment service through which victims can purchase decryption keys.






Bitdefender detects and blocks Cryptolocker, as usual. An encryption-blocking tool can also be found here.

About the author


Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. When Bitdefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking. Razvan Stoica started off writing for a science monthly and was the chief editor of a science fiction magazine for a short while before moving on to the University of Medicine in Bucharest where he lectured on the English language. Recruited by Bitdefender in 2004 to add zest to the company's online presence, he has fulfilled a bevy of roles within the company since. In his current position, he is primarily responsible for the communications and community-building efforts of the Bitdefender research and technology development arm.


Click here to post a comment