Hundreds of thousands of victims have been attacked by cryptolocker, a virus that is more insidious than traditional malware. What is it and how can users protect themselves from it?
What is Cryptolocker and How Does a System Become Infected?
Cryptolocker is a Trojan horse type virus. However, rather than just hiding and collecting sensitive information, this attacker is much more insidious. This intruder is known as ransomware and does exactly as the name implies.
Like most viruses, Cryptolocker comes via email to an unsuspecting recipient. The latest version of this malware uses as its infecting point. The victim receives a notice telling them their fax is ready to view; clicking the link takes them to the cloud service, which seems safe.
Upon opening the ZIP file, the software is loaded on to the computer.
Once installed, Cryptolocker hijacks the user’s system. The virus displays a message directing the victim to a Tor site, where a demand for money, in the form of Bitcoins or pre-paid vouchers, is made. While it might seem easiest to pay the money, paying doesn’t guarantee the delivery of the cipher key.
It also doesn’t guarantee that the unlocked files are not corrupted beyond repair.
Cryptolocker is hard to combat once the computer is infected, because it is commanded by an RSA encryption key that is controlled by the perpetrator. If the victim does not pay, the files stay encoded forever. In a few cases, if there is no payment, an alternative site is displayed. At this site, the files can be decrypted for a fee, which is usually higher than the original ransom. Either way, the engineer of the scheme gets his money.
Cryptolocker only infects certain file types, meaning it might not lock out all of a system, but it will render the vast majority of the data useless. The categories include Picture, Word, Excel, Adobe Illustrator, PowerPoint, and AutoCAD files, to name a few.
At this time, computers operating Windows are the most vulnerable. The cryptolocker virus has infected over 300,000 users and gained over $70,000 in Bitcoin transactions. This current version also uses a base 36 code allowing the perpetrator to track 1,727,604 systems using only 4 digits.
The cryptolocker program is easily removable from a system without paying the ransom. However, deleting the file does not release the encryption from the data. The master key is a complex cipher that has been determined to be unbreakable by top computer experts.
How Do Users Prevent Infection?
The most common way to prevent infection by cryptolocker is to not open any unknown attachments, even if they seem legitimate. Faxes are common. However, if the document is unexpected or from an unknown source — do not open it. Unlike traditional phishing emails, verifying the link to the data does not work.
The link goes to Dropbox, a reliable source.
Another way to protect files from damage is to retain the data on an off-site location, either an external hard drive or a cloud service. By backing up often, users lessen their risk of losing important information to corruption.
Because it is possible to back up corrupted files, some cloud services, such as , now allow users to keep multiple revisions of the same file at no additional cost. This allows them to go back to a revision that was not corrupted in order to restore a working version.
As computing gets more sophisticated, so will the scams. People make mistakes and someone will always inadvertently compromise the security of an entire group.
Until security does a better job of confronting the human aspect, the phishers will always have victims. Tell us what you think of this new threat and what your ideas are on prevention.