There is a new version of ransomware that offers an extended period of time to pay the ransom, as well as offering files to undergo decrypting free of charge.
Previous versions of the Critroni ransomware, also known as CTB-Locker, required the payment to occur 72 hours, or the fee would increase, said researches at Trend Micro. Also, the free trial of the decryption service did not exist earlier. This move is to assure the victim of the full data recovery if the ransom is paid.
In the new upgraded version, which security researchers detected in January 2015, the grace period is set at 96 hours (with no extension offered) while the amount of files that can end up decrypted is five. The new model is to grow the number of victims that pay the ransom.
“Analysis of the variant revealed a feature previously unseen in CTB Locker variants—the chance to decrypt files for free. This ‘freemium’ model was seen in the malware CoinVault, but this CTB Locker variant upped the ante by allowing the victim to choose five files, rather than just one, to be decrypted,” Trend Micro said in a blog.
The downside is the ransom increased to 3 BTC (currently $700). In samples from July 2014, Critroni asked for 0.2 BTC ($46).
The malware delivers through email messages in different languages claiming to be important notices, Trend Micro researchers said. They deliver an attachment containing a malware downloader, which ends up archived twice. Once the file ends up executed, it proceeds to download Critroni from compromised websites based in France.
The researchers found the malicious messages go out automatically from systems that are part of the Cutwail spam botnet.
If infected with ransomware that encrypts data on the computer, it is advisable not to pay the ransom in order to discourage such fraudulent practice. Keeping regular backups, at least for the most important files, ensures their recovery in case of infection with this type of malware.