Security firms started sounding the alarm earlier this year, but this nefarious nemesis has only picked up momentum. CryptoLocker is spreading its ransomware wings and finding plenty of victims in its path.
But let’s take a step back. What is CryptoLocker? According to AppRiver, CryptoLocker belongs to a type of malware known as ransomware. If a victim is infected, the malware encrypts all files containing certain extensions with a locally stored 2048-bit RSA key and then again asymmetrically with a 256-bit AES encryption key it gets from its command-and-control server.
Once the encryption is completed, the malware displays a pop-up notice demanding the victim pay a ransom for the blocked files he is trying to view. The cost to unlock the files: $300 -- and there’s a time limit of about 100 hours to pay up.
Rapidly Spreading Ransomware
In the last 30 days, AppRiver’s spam filters quarantined 56.6 million e-mails that contained a virus as an attachment. And CryptoLocker is still the biggest piece of malware being trapped. This rate is an increase, for the fourth consecutive month, and is the highest total seen since March of 2012.
Troy Gill, senior security analyst of AppRiver, told us that given the key arrests that were made involving the author of the Blackhole Toolkit -- and given the fact that its use was the most widespread -- it’s natural to assume that there’d be a decrease in malware. But that’s not been the case.
“Instead our intelligence confirms that the criminals that were using it simply jumped ship and moved on to a toolkit by the name of Magnitude and, very quickly, it was business as usual for them. It seems malware authors have major problems when it comes to customer loyalty,” Gill said.
Are You Backed Up?
Unlike some other forms of ransomware, CryptoLocker actually does encrypt the victim’s PC until payment is made. So far, Gill said, reports have stated that those who pay the ransom do in fact receive the promised encryption key and are returned access to their important files -- although there have also been multiple reports of those who have paid and have not received the keys.
“If you are especially worried about CryptoLocker, or if you know someone who is prone to infection, the best thing you can do, aside from not getting infected, is to create hard backups of important files,” Gill said. “This way if you become infected you can simply wipe your machine and start fresh. Without a plan B, you will be left with a difficult decision of either paying the attackers or losing your files.”
Indeed, Tom Cross, Lancope director of security research, said the unfortunate reality is that as far as we know at this time, files encrypted by CryptoLocker are as good as gone.
“Having a good backup solution is the key to protecting yourself against an attack like this, so that you can restore your computer to a state before it was infected,” he said. “It's also important to keep antivirus up to date. Many CryptoLocker infections are happening to computers that were already infected with another malware. A recent study by concluded that you are five times more likely to be infected with malware if you aren't using anti-virus software.”
CryptoLocker News Channel:
Posted: 2013-11-28 @ 3:50pm PT
Wow this is crazy! I've dedicated my time to follow CryptoLocker.