While happily working on your computer getting stuff done, little do you suspect that in the background, your important files are being subjected to a military-grade encryption to which you don’t have the key.
Suddenly, a Cryptolocker alert appears on the screen—you have only days to pay the ransom or lose all your encrypted files forever. A countdown is already ticking on your screen.
Nothing New Just A Little Better
An updated and more virulent on-line version of a very old crime – taking something you really care about or need hostage, and extorting money to get it back.
Ransomware is the term for any malicious software which restricts access to users’ devices by locking access or encrypting their important files.
Compared to its predecessors CryptoLocker employs advanced techniques as the first ransomware to request payment through Bitcoins and making use of effectively unbreakable encryption methods to reignite this aggressive sector of the cybercrime landscape and using an affiliate model to spread more rapidly than any of its contemporaries.
Growth in Ransomware & techniques
Security reports highlight the continuing increase in malware with over 230,000 new samples detected every day, and a 6-fold growth in ransomware in H1 2015 compared to last year.
The successful growth is down to the continuing release of new variants for evading security software, emails, and an “affiliate” program that offers accomplices a percentage of ransom payments in return for flooding cyberspace with higher-quality phishing messages.
How Cryptolocker works
CryptoLocker is generally spread through visits to infected websites, social media or phishing emails using social engineering techniques.
So the victim may receive an email purporting to be from a logistics company or your bank. With a password-protected ZIP file containing either a double-extension file such as *.pdf.exe, making it look innocuous or more recently a resurgence in macro-enabled Word documents.
As soon as the user runs the file it encrypts valuable files using an asymmetric encryption algorithm that only the cyber-criminal can provide the unlock key for. All files on local and network drives are vulnerable.
When Cryptolocker has finished encrypting files it will then display the ransom message to the user with details of how to pay and a countdown timer.
Cryptolocker is far worse in a corporate environment as single infected computer will also encrypt files on the file server. Even worse, some organizations use a file-server drive as a shared backup drive for multiple users, meaning that all online backup files could be encrypted too.
You’d think it would be simple to track down the criminals given that they’re taking a ransom, but it’s not that simple. Since CryptoLocker demands payment through wire transfer, premium rate text messages, and Bitcoins, it’s much more difficult to follow the money.
The ransomware business has proven to be profitable returning millions in revenue. So much that there are even specialist variants such as TeslaCrypt which locks and acts like CryptoLocker but focuses on encrypting file types associated with video games and music elated software.
An ounce of prevention is worth a pound of cure
The threat of ransomware and data loss can be reduced by following these simple steps:
- Update – Windows and other applications such as Chrome, Firefox, Flash Player and the Adobe Reader and even WinRAR are known gateways for malware threats. By keeping them up to date the threat opportunity is reduced.
- Backup – Make backup copies: Make regular backups of all your important files – from your photos to your tax documents.
Backup options are now more cost effective than ever with one-press backup boxes for consumers, various solutions for businesses and cloud-solutions for all. This will not only mitigate damage caused by malware infections, but also hardware failures and other incidents as well.
- Secure – For consumers a reputable security solution with antivirus and firewall plus additional layers on top such as; Antiexploit, Application Control to stop your files being encrypted and Process Monitor to increase visibility of unknown applications is required.
Businesses provide a higher profile target for Ransomware so in addition to Endpoint Protection, they should also be considering Endpoint Detection & Response solution such as Adaptive Defense 360 which ensures 100% application trustability.
- Be Safe – Despite being around for several years many people are not aware of Ransomware, make sure people know about the virus before they get infected.
Educate users on safe behaviour such as being particularly wary of emails from senders you don’t know, especially those with attached files, and websites which require you to download an add-on to view information or a video.
Be careful where you click. Not all websites are safe and some hide nasty surprises. If your browser says that something’s not right, then pay attention to its warning.
Data lost, what should you do?
It is not recommended to give in to this type of extortion, it will simply encourage these criminals and other to continue developing these Trojans and techniques.