Ransomware family starts accepting Bitcoin

One ransomware family is now accepting Bitcoin for the first time, taking the anonymous currency as payment to remove the encryption, a sign that the malicious threat is continuing to grow. reports that Cryptologic, identified by Microsoft as Crilock.A, also takes payment in MoneyPak, Ukash and cashU, with Bitcoin offered as the “most cheap option”.

Microsoft released the signature just a month ago, according to the same site, and one of the many infections involving the particular ransomware family was analysed by Alienvault.

“The sample we analyzed had the CnC hosted on 212[.]71[.]250[.]4 [this is actually a sinkhole, not a CnC]. It has a domain generation algorithm, so the CnC could be in a completely different host in just one day,” explained Alberto Ortega of

Once the computer is infected, a screen displays various technical information as well as the amount of money, in Euros and US dollars, needed to remove the encryption, before stating that other currencies are available.

After clicking Next, the victim can choose Bitcoin from the drop-down list and is given a Bitcoin address, which Alienvault explains is not profiting greatly from the rollout as yet.

Ransomware has been growing over the past couple of years with cyber criminals increasingly using it as an easy way to procure cash. It works by taking control of a victim’s computer and then holding it to ransom until a payment is made for it to be unlocked.

At the end of 2012, Symantec predicted that there would be a rise in the use of ransomware in 2013 and even mentioned that the “deployment of better online payment methods to collect money from victims” would fuel its rise.

Bitcoin, meanwhile, is as volatile as it is controversial and was recently at the centre of the arrest of Silk Road operator Ross Ulbricht as the FBI attempts to unravel the deep web when it comes to payments made to the site using the anonymous currency.