A new wave of crypto ransomware targeting Luxembourg


A new wave of attacks impacting companies and individuals has been on the rise in Luxembourg for the past few days. The infection, known as ‘CTB-Locker’ or ‘Critroni crypto ransomware’, is delivered mainly through spam messages and email attachments (i.e. ZIP files, via Flash…).

CTB Locker screenshot

This type of malware encrypts the victims’ files on logical drives such as local hard drives, removable drives and server shares (mapped network drives), which usually contain a lot of sensitive information. When the encryption process is finished, the malware demands a payment in exchange for the decryption key. The amount requested currently ranges from ~500 to ~1.500 Euro, and it has been reported that this malware is quite financially successful for the attackers. Infections with crypto ransomware can be devastating to impacted organizations, especially when critical company information is no longer accessible.

“These infections result in your files being locked and the inability to access them anymore, unless you pay to get the decryption key and access your files again. The attackers who are running these types of campaigns are professionals and have learned to implement cryptography methods correctly for their benefit. The first recommendation we make is to do regular backups and to not pay the attackers”, explains Sascha Rommelfangen, from CIRCL.

  • The main recommendation CIRCL makes is to always perform regular backups of personal files. Such malware also impacts USB drives and network-attached servers. We strongly recommend keeping the backups on separate devices.

Companies and IT operators will need to ensure that they can restore files from their backups and have an adequate retention period.

In addition, security best practices must be followed:

Don’t hesitate to contact CIRCL in case of an incident.