November 15th, 2013 by admin
CryptoLocker is a new, and particularly malicious, breed of ransomware discovered only a couple months ago. CryptoLocker is a Trojan horse malware that encrypts and restricts access to the infected computer while demanding payment for the recovery and decryption of files, typically within a 72-hour deadline. CryptoLocker primarily infects computers (running Microsoft Windows) via malicious attachments found in phishing emails, which when opened, immediately infect the host computer.
But CryptoLocker is especially fierce because these phishing emails are designed to look and feel like an email from a trusted organization. They may be disguised as a harmless email from your bank urging you to check your account information by opening the attachment. They may even ask you to input a secure password to open the attachment, perhaps seeming more legitimate to the average person, but still as destructive.
A New Era of Malware
CryptoLocker represents a new era of malware. Perhaps the greatest signifier of this is its use of a new global payment system, the Bitcoin – a virtual, digital currency. Criminals no longer need to model their scam to various currencies but may take in their payments with only one form of currency. This makes the scam much easier and more profitable for them.
The crooks behind CryptoLocker have also released a Decryption Service, a so-called “Customer Service Website,” which allows victims infected by the malware to easily pay the ransom after the 72-hour deadline in order to unlock their files. But in order to decrypt the files past the 72-hour deadline, a victim will be forced to pay significantly more. Instead of the original 2 Bitcoins/$300 ransom, it is now a whopping 10 Bitcoins, nearly $4,000 in today’s value!
NOTE: As of December 5, 2013, the Bitcoin exchange rate is hovering at about $1000/Bitcoin!
The best way to protect yourself from CryptoLocker and other malware attacks is general common sense and security education. If it seems fishy, it usually is. Never open an email or attachment from someone you don’t know or weren’t expecting to hear from – especially if that email seems strange and impersonal. In the case of an organization such as a bank, never open an email or attachment unless you have been expecting it from that organization. If the subject line claims you must access your account or open an attachment to resolve a problem, log in securely to your account through the organization’s website or call customer service to ascertain if there really is an issue – never do so through an email attachment.
It is also vital you are up-to-date on anti-virus and anti-malware software.
However, when a new virus or malware attack launches, anti-virus software companies need time to ascertain the attack and effectively block it. This may not happen for weeks or even months after a particularly nasty attack is first launched, and even then, infected emails can still get through as the crooks change-up their tactics.
For this reason, do not rely entirely on anti-virus products. The best form of defense is always common sense.
NOTE: If you have been infected with CryptoLocker, US-CERT (The US Computer Emergency Medical Team) and the Department of Homeland Security encourage users and administrators NOT to respond to extortion attempts and instead report the incident to the FBI at the Internet Crime Complaint Center (IC3).
Don't be a victim!
Check out the other articles in our Cryptolocker and Ransomware blog series to get more information about protecting yourself:
- The Single Most Reliable Method for Preventing a Ransomware Attack
- How to Identify a Malicious Email
Posted in: Cyber and Data Security