CTB Locker Ransomware Targets French Companies

A spam campaign delivering CTB Locker is targeting employees from French companies, Bitdefender researchers found.

The spam e-mails carry an attachment,a .cab file and a message claiming to be from a co-worker of the victim . The e-mails look like authentic bills and are allegedly sent to management departments.

The e-mails invite people to open the .cab file, an auto-executable Microsoft archive. Once accessed, the CTB Locker cryptoware executes itself on the user’s computer and ciphers any file found on the computer, along with everything it`s connected to ” including external hard drive disks, file servers and backups.

The company is urged to pay a ransom to recover the encrypted files, within a very short period of time ” usually 72 hours.

How can users and companies protect themselves?

The e-mails usurp the identity of the victim’s co-worker, which adds a layer of trust and credibility to the scam . They are well-written, in the language of the user, making it even harder to identitfy the scam. Users are advised to be extremely careful when opening e-mails from unknown senders, especially if they carry an attachment ” it`s quite unusual to receive a .cab document. It`s also critical to use an anti-malware solution that proactively protects against threats, and to perform external backup of the company`s data on a regular basis in order to avoid losing valuable data with a double-click.

This article is based on information provided courtesy of Profil Technology and Bitdefender researchers.