CryptoLocker is the name of a nasty
new type of security threat that emerged in 2013. It's a Trojan that goes
straight to the heart of every computer user's worst fear: losing their data.
Once it infects a PC, it encrypts files of certain types wherever it finds them and
locks you out of them.
WHICH FILES DOES IT AFFECT?
So many, it's frightening. Of the
files that most people will know and use, CryptoLocker will encrypt and lock
DOC, DOCX, XLS, XLSX, PDF and JPEG files, but that's just a very small snapshot.
It goes well beyond these.
WHY ARE CRIMINALS DOING THIS?
The only way to unlock these
encrypted files and regain access to them is to use a specific key. The
criminals hold this key and won’t give it to you unless you pay them. It’s pure
extortion, aimed at getting money from victims and, given the nature of the
infection, there are reports of people being frightened enough to pay.
ISN’T THIS RANSOMWARE?
Yes, but in a more sinister form.
The process is similar: the malware gets into your system and restricts access
to your computer until money is exchanged. Ransomware tends to lock people out
of their computers while leaving files intact. But with CryptoLocker encrypting
individual files - many of which will be vital and valuable - it is classed as
'cryptoviral extortion'.
HOW MUCH DOES IT COST TO UNLOCK?
The malware creators usually ask for
payment in Bitcoins. Just one Bitcoin costs hundreds of pounds (the value goes
up and down like a yo-yo). Some instances of CryptoLocker have asked for
payment via the electronic money systems MoneyPak (www.moneypak.com) and Ukash
(www.ukash.com). The payment is made
through a money-demand window that appears when a computer is infected.
CAN’T I JUST DELETE IT?
Removing CryptoLocker may cause more
harm than good, because it removes the one chance you have of decrypting your
data: the files stay encrypted whether the Trojan is there or not. The message is
that the only way to get your documents, photos, videos, music, financial details,
invoices and whatever else you may have stored there is to use the key that the
criminals hold.
HOW DO THEY KNOW THE KEY?
Before it encrypts anything, CryptoLocker
contacts its central server, which generates a pair of keys for your infection.
Only the public half is sent to your PC, and that is what the files are encrypted with;
the private half that undoes the encryption never leaves the criminals' server. The keys
are long enough that you will never be able to guess or crack them.
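To make that key handling concrete, here is an added illustration (not code from the original article, and not CryptoLocker's own code): the server generates a key pair, the infected machine receives only the public half, wraps a fresh per-file key with it, and so cannot undo the encryption on its own. The small RSA modulus and the SHA-256 counter-mode stream cipher are illustrative choices so the example runs in pure Python; they are not secure and not what the real Trojan used. All function names and the sample document are assumptions.

```python
"""Who holds the key: the attacker's server keeps the RSA private key; the
victim's PC only ever sees the public key and uses it to wrap a random
per-file key. Toy parameters, for illustration only (constructed example)."""
import hashlib
import os
import random


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin probable-prime test (enough for a demonstration)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def server_generate_keypair(bits=256):
    """Attacker side. Returns ((n, e), (n, d)); only (n, e) goes to the victim.
    256-bit modulus is far too small for real use; it keeps the demo fast."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def _keystream(key, length):
    """SHA-256 in counter mode: a stand-in for the symmetric cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_file(plaintext, public_key):
    """Victim side: fresh 16-byte file key, encrypt the file with it, then
    wrap the file key with the server's public key. The plain file key is
    discarded; only the wrapped copy is kept alongside the ciphertext."""
    n, e = public_key
    file_key = os.urandom(16)                      # 128 bits < n, so textbook RSA applies
    stream = _keystream(file_key, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    wrapped_key = pow(int.from_bytes(file_key, "big"), e, n)
    return wrapped_key, ciphertext


def decrypt_file(wrapped_key, ciphertext, private_key):
    """Only possible with (n, d), which the victim never receives."""
    n, d = private_key
    file_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    stream = _keystream(file_key, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def demo():
    public, private = server_generate_keypair()
    document = b"Invoice 4471: pay GBP 1,200 by 30 November"   # constructed sample
    wrapped, ciphertext = encrypt_file(document, public)
    # What is left on the victim's disk: wrapped, ciphertext and public. Not private.
    recovered = decrypt_file(wrapped, ciphertext, private)
    return recovered == document and ciphertext != document


if __name__ == "__main__":
    print("server can decrypt:", demo())
```

The point to take from the example is structural: the wrapped file key on the victim's disk is useless without the private half, and no amount of scanning or removing the Trojan recreates it.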
SO I SHOULD PAY UP?
No. Don't pay anything. Although the
criminals try to inject a sense of drama with a countdown clock in order to get
you reaching for your wallet, the advice from leading experts is clear. 'You
should never pay a ransom,' says Symantec (www.symantec.com), which in
December described CryptoLocker as the 'menace of the year'. 'Payment to cybercriminals only
encourages more malware campaigns. There is no guarantee that payment will lead
to the decryption of your files.'
WHAT HAPPENS WHEN THE CLOCK RUNS
OUT?
The malware makers say that the key
will be deleted and that, theoretically, you will never be able to unlock your
files.
HOW CAN I RETRIEVE MY FILES?
To be honest, with great difficulty.
Victims really need the key to be able to unlock the files, and yet paying up
will keep this problem rumbling on. The one realistic route is a backup taken before
the infection, or, if Windows' Previous Versions feature was enabled, an older copy
of a file that it may still hold. 'Old fashioned' ransomware attacks have
begun to dry up because users became wise to the practice, and the hope is that
refusal to pay will cause the criminals to abandon their attempts at extortion.
WON’T MY ANTI-VIRUS PACKAGE PREVENT
IT?
Security experts are working hard to
head off the threat, but anti-virus software has proved rather powerless at preventing the Trojan
from taking hold: new copies are repackaged faster than signatures are updated, and if it does spot
something amiss it tends to be too far down the line to prevent CryptoLocker from encrypting your files.
HOW WOULD MY PC GET INFECTED?
Typically, via email. The Trojan is
disguised as a document, such as a PDF, but is actually an executable EXE
attachment, often inside a ZIP file, which wreaks havoc when opened. Because Windows hides
file extensions by default, a file named invoice.pdf.exe shows up as invoice.pdf. The emails
purport to contain important information - in the same manner as phishing attempts. So far, the
targets seem to be businesses rather than individuals, since it is easier to
hide a rogue invoice or a purchase order in a business email than it is in a
private one, but that may change.
WHAT CAN I DO TO PREVENT IT?
Be very careful about the
attachments you open. As always, if you are in any doubt, leave it alone. Some
companies are being advised to put severe software restrictions in place to
prevent the accidental opening of CryptoLocker. You should also be aware of the
importance of backing up.
Symantec advises using Windows
Backup on a regular basis, so that
you can restore encrypted files. If you back up, remove the back-up device from
the computer afterwards: CryptoLocker encrypts files on any drive it can reach, including
USB drives and mapped network shares, so a backup that stays plugged in is not safe. Another easy way to back
up is to use a cloud service such as Google Drive or Dropbox, but bear in mind that a
syncing client will happily upload the encrypted versions over your originals, so you will be
relying on the service's version history to get the old copies back. If you do become
infected, you can at least start afresh knowing that your files are safe
somewhere. You can download a free program called CryptoPrevent (bit.ly/cryptoprevent336), which
uses Windows' Software Restriction Policies to stop programs running from the temporary and
application-data folders that CryptoLocker launches itself from.
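As an added example of the kind of attachment check described above (it is not code from the original article or from CryptoPrevent), the following screens a message for the tricks CryptoLocker mails relied on: an executable with a document-looking double extension, an executable hidden inside a ZIP, and a file whose bytes are a Windows program whatever its name claims. The two sample messages, their addresses and attachment names are constructed for the example, and the list of risky extensions is an assumption you would tune for your own mail flow.

```python
"""Screen e-mail attachments for executables dressed up as documents.
Sample messages are constructed inline (no real mail is read)."""
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

# Assumed lists; extend to taste. Windows hides the final extension by default,
# so "invoice.pdf.exe" is shown to the user as "invoice.pdf".
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".jpeg", ".txt"}


def _ext_chain(filename):
    """Last two extensions of a name: 'Invoice.pdf.exe' -> ['.pdf', '.exe']."""
    parts = filename.lower().rsplit(".", 2)
    return ["." + p for p in parts[1:]]


def _check_name_and_bytes(name, data, where=""):
    findings = []
    exts = _ext_chain(name)
    label = f"{where}{name}"
    if exts and exts[-1] in EXECUTABLE_EXTS:
        findings.append(f"{label}: executable attachment ({exts[-1]})")
        if len(exts) == 2 and exts[0] in DOCUMENT_EXTS:
            findings.append(f"{label}: document extension hides an executable (double extension)")
    # A Windows program starts with the bytes 'MZ' regardless of its file name.
    if data[:2] == b"MZ" and (not exts or exts[-1] not in EXECUTABLE_EXTS):
        findings.append(f"{label}: Windows executable bytes under a non-executable name")
    return findings


def screen_message(raw_bytes):
    """Return a list of findings for every attachment, looking inside ZIPs."""
    msg = email.message_from_bytes(raw_bytes, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        findings += _check_name_and_bytes(name, data)
        if data[:2] == b"PK":  # ZIP container (also .docx, which will simply yield nothing)
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        findings += _check_name_and_bytes(
                            info.filename, zf.read(info)[:2], where=f"{name}!"
                        )
            except zipfile.BadZipFile:
                findings.append(f"{name}: corrupt ZIP container")
    return findings


def build_sample(malicious=True):
    """Construct a sample 'invoice' e-mail as raw bytes (not a real message)."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please find the attached invoice.")
    if malicious:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            # Fake program: an 'MZ' header followed by padding, constructed for the test.
            zf.writestr("Invoice_4471.pdf.exe", b"MZ" + b"\x00" * 64)
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="Invoice_4471.zip")
        # A program sent with a PDF name and a PDF content type.
        msg.add_attachment(b"MZ" + b"\x00" * 64, maintype="application",
                           subtype="pdf", filename="Statement.pdf")
    else:
        msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                           subtype="pdf", filename="Invoice_4471.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in screen_message(build_sample(malicious=True)):
        print(finding)
    print("benign:", screen_message(build_sample(malicious=False)))
```

A mail gateway would quarantine on any finding; the same checks, run before a user double-clicks, are the programmatic form of "if you are in any doubt, leave it alone".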
CAN I STOP IT SPREADING?
First disconnect the infected machine from the network and any shared drives, since
CryptoLocker encrypts files on mapped drives as well as local ones. Then use an anti-malware
tool to remove the executable file to prevent further damage, and ensure the machine is clear
of other potential hazards.
IS ANYBODY TRYING TO RESOLVE THIS?
There have been attempts to pull
down CryptoLocker’s servers, but they have proved unsuccessful so far. Malware
Must Die (malwaremustdie.org) identified 138 domains which, it said, were being
used by the malware, but even though the action group suspended most of them,
CryptoLocker managed to live on. It affects around 11,000 computers each day, and
Lee Miles, Deputy Head of the National Crime Agency's National Cyber Crime Unit, says: "The NCA is
actively pursuing organized-crime groups committing this type of
crime. We are working in cooperation with industry and international partners
to identify and bring to justice those responsible and reduce the risk to the
public.”
SHOULD MAC OWNERS BE WORRIED TOO?
Not at this stage. CryptoLocker is
a Windows program and only attacks Windows PCs.
IF MY PC IS INFECTED, WHO DO I
REPORT IT TO?
The National Cyber Crime Unit
advises victims to visit here, which
has an online form you can use to file reports.