CryptoLocker 2.0 Not The Same As The Original CryptoLocker

CryptoLocker 2.0 Not The Same As The Original CryptoLocker


The people that want to steal your money are not sleeping and now CryptoLocker 2.0 is on the loose. In my previous Articles for Ransomware I published information regarding the most fearsome menace nowadays. However, a new variant of the CryptoLocker virus  began to spread in the wild. While the behavior of this parasite is the same, a closer look reveals that this actually might not be the same.

It scans infected computers for certain file types and encrypts them using RSA public-key cryptography. It then demands the payment of a certain amount of money to have the files restored.


Similarities between Crypolocker and Cryptolocker 2.0:

The spreading mechanism is the same: presents themselves as cracks, activators and keygens for various software, such as MS Office, Windows, etc. Malicious E-mail attachment. Fake advertisements.



 The most obvious difference is that Cryptolocker is written in C++ language, while Cryptolocker 2.0 is written in C#. The Second version accepts only Bitcoins as payment, it also uses a weaker encryption algorithm and has hard-coded domains in it.

In conclusion, considering all of the above, CryptoLocker 2.0 is probably developed by a copycat.

Leave a Comment