This article is about specific ransomware software called CryptoLocker. For other similar software, some using the CryptoLocker name, see Ransomware § Encrypting ransomware.

CryptoLocker
Ransomware
Subtype: Cryptovirus
Classification: Trojan horse
Isolation date: 2 June 2014
Technical details
Platform: Windows

The CryptoLocker ransomware attack was a cyberattack using the CryptoLocker ransomware that occurred from 5 September 2013 to late May 2014. The attack utilized a trojan that targeted computers running on Microsoft Windows, and was believed to have first been posted to the Internet on 5 September 2013. It propagated via infected email attachments, and via an existing Gameover ZeuS botnet. When activated, the malware encrypted certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then displayed a message which offered to decrypt the data if a payment (through either bitcoin or a pre-paid cash voucher) was made by a stated deadline, and it threatened to delete the private key if the deadline passed. If the deadline was not met, the malware offered to decrypt data via an online service provided by the malware's operators, for a significantly higher price in bitcoin. There was no guarantee that payment would release the encrypted content.

Although CryptoLocker itself was easily removed, the affected files remained encrypted in a way which researchers considered unfeasible to break. Many said that the ransom should not be paid, but did not offer any way to recover files; others said that paying the ransom was the only way to recover files that had not been backed up. Some victims claimed that paying the ransom did not always lead to the files being decrypted.

CryptoLocker was isolated in late May 2014 via Operation Tovar, which took down the Gameover ZeuS botnet that had been used to distribute the malware. During the operation, a security firm involved in the process obtained the database of private keys used by CryptoLocker, which was in turn used to build an online tool for recovering the keys and files without paying the ransom. It is believed that the operators of CryptoLocker successfully extorted a total of around $3 million from victims of the trojan. Other instances of encryption-based ransomware that have followed have used the "CryptoLocker" name (or variations), but are otherwise unrelated.

Operation

CryptoLocker typically propagated as an attachment to a seemingly innocuous email message, which appears to have been sent by a legitimate company. A ZIP file attached to an email message contains an executable file with the filename and the icon disguised as a file, taking advantage of Windows' default behaviour of hiding the extension from file names to disguise the real .EXE extension. CryptoLocker was also propagated using the Gameover ZeuS trojan and botnet.

When first run, the payload installs itself in the user profile folder, and adds a key to the registry that causes it to run on startup. It then attempts to contact one of several designated command and control servers; once connected, the server generates a 2048-bit key pair, and sends the public key back to the infected computer. The server may be a local proxy and go through others, frequently relocated in different countries to make tracing them more difficult.

The payload then encrypts files across local hard drives and mapped network drives with the public key, and logs each file encrypted to a registry key. The process only encrypts data files with certain extensions, including Microsoft Office, OpenDocument, and other documents, pictures, and AutoCAD files. The payload displays a message informing the user that files have been encrypted, and demands a payment of 400 through an anonymous pre-paid cash voucher (i.e. MoneyPak), or an equivalent amount in bitcoin (BTC) within 72 or 100 hours (while starting at 2 BTC, the ransom price has been adjusted down to 0.3 BTC by the operators to reflect the fluctuating value of bitcoin), or else the private key on the server would be destroyed, and "nobody and never [sic] will be able to restore files." Payment of the ransom allows the user to download the decryption program, which is pre-loaded with the user's private key. Some infected victims claim that they paid the attackers but their files were not decrypted.

In November 2013, the operators of CryptoLocker launched an online service that claimed to allow users to decrypt their files without the CryptoLocker program, and to purchase the decryption key after the deadline had expired; the process involved uploading an encrypted file to the site as a sample and waiting for the service to find a match; the site claimed that a match would be found within 24 hours. Once found, the user could pay for the key online; if the 72-hour deadline passed, the cost increased to 10 bitcoin.

Takedown and recovery of files

On 2 June 2014, the United States Department of Justice officially announced that over the previous weekend, Operation Tovar—a consortium constituting a group of law enforcement agencies (including the Interpol), security software vendors, and several universities, had disrupted the Gameover ZeuS botnet which had been used to distribute CryptoLocker and other malware. The Department of Justice also publicly issued an indictment against the Russian hacker Evgeniy Bogachev for his alleged involvement in the botnet.

As part of the operation, the Dutch security firm Fox-IT was able to procure the database of private keys used by CryptoLocker; in August 2014, Fox-IT and fellow firm FireEye introduced an online service which allows infected users to retrieve their private key by uploading a sample file, and then receive a decryption tool.

Mitigation

While security software is designed to detect such threats, it might not detect CryptoLocker at all, or only after encryption is underway or complete, particularly if a new version unknown to the protective software is distributed. If an attack is suspected or detected in its early stages, it takes some time for encryption to take place; immediate removal of the malware (a relatively simple process) before it has completed would limit its damage to data. Experts suggested precautionary measures, such as using software or other security policies to block the CryptoLocker payload from launching.

Due to the nature of CryptoLocker's operation, some experts reluctantly suggested that paying the ransom was the only way to recover files from CryptoLocker in the absence of current backups (offline backups made before the infection that are inaccessible from infected computers cannot be attacked by CryptoLocker). Due to the length of the key employed by CryptoLocker, experts considered it practically impossible to use a brute-force attack to obtain the key needed to decrypt files without paying ransom; the similar 2008 trojan Gpcode.AK used a 1024-bit key that was believed to be large enough to be computationally infeasible to break without a concerted distributed effort, or the discovery of a flaw that could be used to break the encryption. Security analyst Paul Ducklin speculated that CryptoLocker's online decryption service involved a dictionary attack against its own encryption using its database of keys, explaining the requirement to wait up to 24 hours to receive a result.

Money paid

In December 2013, ZDNet traced four bitcoin addresses posted by users who had been infected by CryptoLocker, in an attempt to gauge the operators' takings. The four addresses showed movement of 41,928 BTC between 15 October and 18 December — about US$27 million at that time.

In a survey by researchers at the University of Kent, 41% of those who claimed to be victims said that they had decided to pay the ransom, a proportion much larger than expected; Symantec had estimated that 3% of victims had paid and Dell SecureWorks had estimated that 0.4% of victims had paid. Following the shutdown of the botnet that had been used to distribute CryptoLocker, it was calculated that about 1.3% of those infected had paid the ransom; many had been able to recover files which had been backed up, and others are believed to have lost huge amounts of data. Nonetheless, the operators were believed to have extorted a total of around $3 million.

The success of CryptoLocker spawned a number of unrelated and similarly named ransomware trojans working in essentially the same way, including some that refer to themselves as "CryptoLocker"—but are, according to security researchers, unrelated to the original CryptoLocker.

In September 2014, further clones such as CryptoWall and TorrentLocker (whose payload identifies itself as "CryptoLocker", but is named for its use of a registry key named "Bit Torrent Application"), began spreading in Australia; the ransomware uses infected e-mails, purportedly sent by government departments (e.g. Australia Post to indicate a failed parcel delivery) as a payload. To evade detection by automatic e-mail scanners that can follow links, this variant was designed to require users to visit a web page and enter a CAPTCHA code before the payload is actually downloaded. Symantec determined that these new variants, which it identified as "CryptoLocker.F", were not tied to the original.

See also

PGPCoder
WannaCry
2870:Hitler
2839:Dridex
2798:Careto
2721:Dexter
2654:SpyEye
2620:(2019)
2614:(2019)
2608:(2019)
2602:(2019)
2596:(2018)
2590:(2018)
2584:(2018)
2578:(2018)
2572:(2018)
2566:(2018)
2560:(2018)
2554:(2018)
2548:(2018)
2542:(2017)
2536:(2017)
2530:(2017)
2524:(2017)
2518:(2017)
2512:(2017)
2506:(2017)
2500:(2017)
2494:(2016)
2488:(2016)
2482:(2016)
2476:(2015)
2470:(2015)
2468:JASBUG
2464:(2014)
2458:(2014)
2452:(2014)
2446:(2014)
2440:(2014)
2438:POODLE
2434:(2014)
2428:(2014)
2422:(2013)
2416:(2010)
2399:Major
2380:Track2
2302:xDedic
2132:UGNazi
1252:ARNnet
969:
392:Clones
358:Sophos
320:botnet
190:e-mail
173:botnet
155:ransom
135:botnet
116:trojan
103:was a
3008:Tinba
2895:Mirai
2823:Regin
2736:Mahdi
2731:Flame
2716:Carna
2700:Stars
2618:Kr00k
2558:EFAIL
2528:KRACK
2480:DROWN
1605:2020s
1595:2000s
1222:(PDF)
1211:(PDF)
1148:ZDnet
963:Wired
452:Petya
437:Locky
374:ZDNet
275:Ukash
236:proxy
3003:R2D2
2988:Grum
2981:2019
2965:2018
2931:Kirk
2919:2017
2890:MEMZ
2863:2016
2832:2015
2776:2014
2755:2013
2709:2012
2685:Duqu
2668:2011
2637:2010
2375:Sabu
2127:TDO
2072:GNAA
2006:2019
1980:2018
1922:2017
1856:2016
1815:2015
1769:2014
1733:2013
1707:2012
1661:2011
1624:2010
1543:2014
1512:2023
1490:2023
1468:2014
1437:2014
1411:2014
1381:2014
1352:2014
1322:2014
1295:2014
1264:2014
1230:2014
1194:2013
1161:2013
1128:2013
1094:2013
1044:2014
1014:2014
983:2020
967:ISSN
944:2014
914:2014
883:2013
847:2013
817:2013
784:2013
750:2013
719:2013
683:2013
639:2014
609:2014
574:2023
552:2017
526:2013
495:2013
311:and
267:Euro
99:The
45:Type
2726:FBI
2370:MLT
2234:) (
1531:CSO
835:CSO
514:BBC
309:FBI
284:sic
273:or
265:or
263:USD
228:RSA
198:PDF
3041::
1533:.
1529:.
1458:.
1454:.
1397:.
1360:^
1330:^
1281:.
1254:.
1250:.
1238:^
1213:.
1184:.
1178:.
1145:.
1118:.
1114:.
1102:^
1084:.
1080:.
1022:^
1004:.
1000:.
973:.
965:.
961:.
930:.
900:.
873:.
869:.
855:^
833:.
792:^
774:.
770:.
758:^
736:.
709:.
705:.
691:^
673:.
667:.
647:^
617:^
595:.
582:^
542:.
516:.
512:.
485:.
481:.
465:^
253:,
2238:)
2230:(
1575:e
1568:t
1561:v
1545:.
1514:.
1492:.
1470:.
1439:.
1413:.
1383:.
1354:.
1324:.
1297:.
1266:.
1232:.
1196:.
1163:.
1130:.
1096:.
1046:.
1016:.
985:.
946:.
916:.
885:.
849:.
819:.
786:.
752:.
721:.
685:.
641:.
611:.
576:.
554:.
528:.
497:.
34:.
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.