Once this malware is executed on a computing device, it encrypts files on the victim’s computer and demands a ransom of 300 USD, to be paid by the victim within 72 hours, in order to decrypt the victim’s files.
In early September 2013, security experts around the world became aware of a very nasty piece of malware that, once executed, encrypts files in the victim’s computer, and then demands a ransom of $300 for decryption.
This is one of the most destructive malware infections I have ever seen! It is essential that anyone with a connection to the Internet is aware of this beast.
This type of malware is popularly known as ransomware and is spread using social engineering tricks, especially via email, such as fake FedEx, banking, credit card, or UPS tracking notifications with attachments. Once the victim opens such an email attachment, CryptoLocker is installed and starts scanning the hard disk for all kinds of documents: images, videos, documents, presentations, spreadsheets, and also any backup files that may be kept on the same system. It then encrypts these files, converting them into an unreadable form. The ransomware then pops up a message demanding a payment of $300 (currently) to obtain the private key needed to decrypt the files. The message also displays a time limit within which the payment must be made.
CryptoLocker uses RSA public-key encryption, with a unique public/private key pair, to encrypt its victim’s data. Files encrypted in this way cannot be decrypted without access to the private key. That key is not stored on the infected computer but on the attackers’ system, which, of course, we do not have access to.
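The behaviour described above, one process rewriting large numbers of user documents of every type (backups included) within minutes, is itself detectable. The following is an added example, not code from the original post: a heuristic that flags any process which writes or renames many document files within a short sliding window. The log format, process names, paths and thresholds are constructed assumptions for the illustration.

```python
# Added example (not from the original post): heuristic detector for the behaviour
# described above: one process rewriting many user documents in a short time.
# Log format, process names and paths are constructed for this illustration.
from collections import defaultdict
from datetime import datetime, timedelta
DOC_EXTENSIONS = {".jpg", ".png", ".mp4", ".doc", ".docx", ".ppt", ".pptx",
                  ".xls", ".xlsx", ".pdf", ".bak"}
WINDOW_SECONDS, THRESHOLD = 60, 20  # window length; document writes per window that alert

def ext(path):
    """Lower-case extension of the file name, independent of path separator."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""

def parse(line):
    """Constructed log format: '<ISO timestamp> <pid> <process> <op> <path>'."""
    ts, pid, proc, op, path = line.split(maxsplit=4)
    return datetime.fromisoformat(ts), pid, proc, op, path

def flag_mass_rewrites(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {(pid, process): peak count} for every process that wrote or
    renamed at least `threshold` document files within any `window` seconds."""
    stamps_by_proc = defaultdict(list)
    for line in lines:
        ts, pid, proc, op, path = parse(line)
        if op in ("WRITE", "RENAME") and ext(path) in DOC_EXTENSIONS:
            stamps_by_proc[(pid, proc)].append(ts)
    flagged = {}
    for key, stamps in stamps_by_proc.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):  # two-pointer sliding window
            while (t - stamps[start]).total_seconds() > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[key] = max(flagged.get(key, 0), count)
    return flagged

def build_sample_log():
    """Constructed events: a word processor saving three files five minutes apart,
    and an unknown process rewriting 25 documents (a backup included) in 25 s."""
    base = datetime(2013, 9, 10, 9, 0, 0)
    lines = [f"{(base + timedelta(minutes=5 * i)).isoformat()} 1200 winword.exe "
             f"WRITE C:\\Users\\alice\\Documents\\report{i}.docx" for i in range(3)]
    exts = [".jpg", ".docx", ".xlsx", ".pptx", ".bak"]
    lines += [f"{(base + timedelta(seconds=i)).isoformat()} 4412 unknown.exe "
              f"WRITE C:\\Users\\alice\\Pictures\\photo{i}{exts[i % 5]}" for i in range(25)]
    return lines
```

Running `flag_mass_rewrites(build_sample_log())` flags only the unknown process; the legitimate word processor's occasional saves stay below the threshold.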
There is no known fix, other than paying the ransom. Without the key it is not possible to decrypt the data encrypted by this malware. The malware sets a window of 72 hours to pay the ransom and obtain the private key to decrypt your data. If the amount is not paid, the attackers destroy the private key and your encrypted data is locked forever with no way to recover it. The criminals behind this malware avoid being traced by using digital cash systems such as Bitcoin, Ukash and MoneyPak, where payments can be anonymous.
Here are two very simple steps you can take to minimize your risk:
* Never open unknown or unsolicited emails with attachments, especially those purporting to come from FedEx, banks, credit card companies, or UPS tracking notifications. Use strong anti-phishing, anti-spam and content filtering to block fraudulent emails and known-bad web sites.
* Ensure that your systems are backed up on a regular basis, preferably daily, with multiple versions retained and a copy maintained at an off-site location.
I have attached a link to a recent NakedSecurity newsletter from SOPHOS that includes a MUST WATCH video illustrating how Crypto-Locker works, along with prevention, cleanup and recovery.