Dell's security research team has uncovered a new form of Cryptolocker ransomware, which has infected up to 250,000 devices and stolen almost $1m (£600,000) in Bitcoins.
"Based on the presented evidence, researchers estimate that 200,000 to 250,000 systems were infected globally in the first 100 days of the Cryptolocker threat," Dell announced in a Secureworks post.
The firm worked out that if the Cryptolocker threat actors had sold the 1,216 Bitcoins (BTC) collected since September immediately upon receiving them, they would have earned nearly $380,000.
"If they elected to hold these ransoms, they would be worth nearly $980,000 as of this publication based on the current weighted price of $804/BTC," Dell said.
Cryptolocker is unique because, instead of using a custom cryptographic implementation like many other types of malware, it uses the third-party certified cryptography offered by Microsoft's CryptoAPI.
"By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent," Dell said.
Ransomware prevents victims from using their computers normally and uses social engineering tactics to convince victims that failing to follow the malware authors' instructions will lead to real-world consequences. These consequences, such as owing a fine or facing arrest and prosecution, are presented as being the result of a fabricated indiscretion such as downloading illegal music or pornography.
"Victims of traditional forms of ransomware could ignore the demands and use security software to unlock the system and remove the offending malware," Dell explained. "Cryptolocker changes this dynamic by aggressively encrypting files on the victim's system and returning control of the files to the victim only after the ransom is paid."
Dell said the earliest samples of Cryptolocker appear to have been released on 5 September this year. But details about its initial distribution phase are unclear.
"It appears the samples were downloaded from a compromised website located in the United States, either by a version of CryptoLocker that has not been analysed as of this publication, or by a custom downloader created by the same authors," the firm added.
Dell said early versions of Cryptolocker were distributed through spam emails targeting business professionals, and not home web users. The emails claimed to be a 'consumer complaint' against the email recipient or their organisation.
Attached to these emails was a ZIP archive with a random alphabetical filename of 13 to 17 characters, containing a single executable with the same filename as the ZIP archive but with an EXE extension.
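The attachment pattern described above can be turned into a simple mail-gateway heuristic. The following is an added example (not code from Dell or the article): it flags a ZIP attachment whose name is 13 to 17 alphabetic characters and which holds exactly one .exe with the same stem; the attachment names and ZIP contents are constructed fixtures.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# Lure pattern from the article: alphabetic-only ZIP name, 13 to 17 characters,
# containing a single executable whose stem matches the archive name.
STEM_RE = re.compile(r"^[A-Za-z]{13,17}$")


def matches_cryptolocker_lure(attachment_name: str, data: bytes) -> bool:
    """Return True if a ZIP attachment matches the described lure pattern."""
    name = PurePosixPath(attachment_name)
    if name.suffix.lower() != ".zip" or not STEM_RE.match(name.stem):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = [i for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return False
    if len(entries) != 1:
        return False
    inner = PurePosixPath(entries[0].filename)
    return (inner.suffix.lower() == ".exe"
            and inner.stem.casefold() == name.stem.casefold())


def scan_attachments(attachments: dict) -> list:
    """Return the names of attachments that match the lure, in input order."""
    return [n for n, blob in attachments.items()
            if matches_cryptolocker_lure(n, blob)]


def build_zip(entry_name: str, payload: bytes = b"constructed placeholder") -> bytes:
    """Build an in-memory ZIP with one entry (constructed fixture, not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(entry_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample attachments: one matches the lure, the others do not.
    samples = {
        "qwertyuiopasd.zip": build_zip("qwertyuiopasd.exe"),   # 13 letters, same stem
        "invoice2013.zip": build_zip("invoice2013.exe"),       # digits in stem
        "qwertyuiopasd_two.zip": build_zip("report.exe"),      # underscore, stem mismatch
        "zxcvbnmasdfghj.zip": build_zip("zxcvbnmasdfghj.pdf"),  # not an executable
    }
    print(scan_attachments(samples))
```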