
Cryptolocker is financially-motivated ransomware that encrypts a user’s computer files and demands payment in either an anonymous currency (Bitcoin), or Moneypak payment cards. Propagation & Exploit is typically via spam email purporting to come from shipping companies or regarding business processes, dropped by other malware, thumb drives, and Yahoo! Messenger. Upon infection, Cryptolocker contacts the command and control (C2) server for a public RSA-2048 encryption key, which is downloaded and used to encrypt typical enterprise files types,