This story broke recently in the major news organisations and is spreading quickly because of how well crafted the campaign is. The malware is called CryptoLocker. It combines a number of existing technologies into a single threat that, although simple in concept, is extremely well executed and heralds a new stage in cybercrime.
CryptoLocker is classed as ransomware: it encrypts the victim's files and extorts money in exchange for the key needed to decrypt them. It has been effective to the point that in some places the MoneyPak prepaid cards used to pay the ransom have sold out.
The process goes pretty much like this…
The victim gets an email, or a message via social media, with an attachment that is not what it claims to be. When the attachment is opened, CryptoLocker is installed and goes about its business.
CryptoLocker seeks out files likely to hold some value to the owner: word-processor documents, spreadsheets, photographs, images and other files of that kind. When these files are found they are encrypted, and the list of encrypted files is shown to the victim, who is given around four days to send a ransom of around USD 300, EUR 300 or 2 bitcoins.
If the victim pays within the time specified, the system sends back a key that will decrypt the data (hopefully).
This differs from most common cases, where it is all threats and bluster and you can safely ignore and remove the offending malware. This infection actually means business and takes no prisoners. The cryptography is strong and effectively implemented, and at this point the files cannot be decrypted without the private key held by the criminals, which is different for each infection.
So what can we do?
(Apple owners and Linux people, you can stop yelling “Get rid of Windows” now. We get it.) 😉
As they say, prevention is the best cure, and it comes down to a simple concept.
Do not trust attachments or other files from people you do not know, and if you get an unexpected file from someone you DO know, ask them whether they actually sent it before you even think about opening it. Ask over a different channel (a phone call, a separate message) rather than by replying to the email, because the sender's account may itself be compromised. If they say no, delete it.
With the behaviour out of the way, we can take other steps to stop this becoming a problem. The first is installing antivirus software. There are decent free options, including Microsoft Security Essentials, Avast! and AVG, but they are no guarantee: a new variant can arrive before the signatures that detect it do.
Keeping everything up to date is also one of the most effective ways to keep your computer safe. Nothing says "come on in, make yourself at home" like an unpatched computer. You can make sure your Windows computer is up to date by running Microsoft Update at least once a week. Every Thursday is a good choice, so that you catch the patches Microsoft releases on the second Tuesday of each month (US time).
There is a mitigation that can be applied through Windows security policy and registry changes (Software Restriction Policies that stop executables running from the user-writable locations, such as %AppData%, that CryptoLocker launches from), as shown in an article from Computerworld.com (http://www.computerworld.com/s/article/9243537/Cryptolocker_How_to_avoid_getting_infected_and_what_to_do_if_you_are_) and, in more depth, at Bleepingcomputer.com (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information).
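A concrete version of that mitigation, added here as an example rather than taken from the article or the linked guides: the PowerShell below writes Software Restriction Policy path rules straight into the registry so that executables cannot launch from the profile and temp locations CryptoLocker used. The registry layout (level 0 = Disallowed, 262144 = Unrestricted, one GUID key per rule) is the documented SRP one; the particular path list, the description text and the choice to leave DLLs unenforced are assumptions of this example. Run it from an elevated prompt and test it on one machine first.

```powershell
# Added example (not from the article or the linked guides): Software Restriction
# Policy path rules that block executables launching from user-writable locations.
# Requires an elevated PowerShell prompt; assumes Windows 7 or later.

$base       = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$disallowed = Join-Path $base '0\Paths'   # level 0 = Disallowed, 262144 = Unrestricted

# Global SRP settings: allow everything by default, apply to all users including
# administrators (PolicyScope 0), enforce on all software files except DLLs
# (TransparentEnabled 1), no certificate rules. ExecutableTypes is the standard list.
New-Item -Path $base -Force | Out-Null
New-ItemProperty -Path $base -Name DefaultLevel        -PropertyType DWord -Value 262144 -Force | Out-Null
New-ItemProperty -Path $base -Name TransparentEnabled  -PropertyType DWord -Value 1      -Force | Out-Null
New-ItemProperty -Path $base -Name PolicyScope         -PropertyType DWord -Value 0      -Force | Out-Null
New-ItemProperty -Path $base -Name AuthenticodeEnabled -PropertyType DWord -Value 0      -Force | Out-Null
New-ItemProperty -Path $base -Name ExecutableTypes -PropertyType MultiString -Force -Value @(
    'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS',
    'ISP','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS',
    'URL','VB','WSC') | Out-Null

# Locations CryptoLocker and similar droppers run from (assumed list): the roaming and
# local profile folders, and the temp folders that archive tools unpack attachments into.
$blockedPaths = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe',
    '%Temp%\Rar*\*.exe',
    '%Temp%\7z*\*.exe',
    '%Temp%\wz*\*.exe',
    '%Temp%\*.zip\*.exe'
)

foreach ($p in $blockedPaths) {
    # Each rule is its own GUID-named key: ItemData holds the expandable path pattern,
    # SaferFlags 0 means no special options, LastModified is a FILETIME.
    $key = Join-Path $disallowed ([guid]::NewGuid().ToString('B'))
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name Description  -PropertyType String       -Value "Block executables in $p (ransomware mitigation)" -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -PropertyType ExpandString -Value $p -Force | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -PropertyType DWord        -Value 0  -Force | Out-Null
    New-ItemProperty -Path $key -Name LastModified -PropertyType QWord        -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Force | Out-Null
}

# List the path rules now in place so the result can be checked.
Get-ChildItem $disallowed | ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
```

Two caveats. Some legitimate software installs and runs per user from %AppData% (several updaters and chat clients do), and these rules will block it; the fix is an identical path rule under `262144\Paths` for that specific program, which SRP treats as an exception. The rules apply to processes started after they are written; if a rule does not appear to take effect, log off and back on, or reboot.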
However, if you ARE bitten by CryptoLocker, things get ugly quickly. In short, your data is gone and you will need to restore it from a backup. Unfortunately, the USB hard drive connected to your computer or a mapped network drive is not going to cut it: CryptoLocker also encrypts any data it finds on drives attached to the computer. Your backups need to be "cold" backups, where the storage is not continuously connected as a browsable folder or drive on your computer. This puts entire business networks at risk, as well as services such as Dropbox and SkyDrive if you access them as a folder on your computer, because the encrypted files simply sync over the good ones.
Your backup system must be accessible only through the software used to run the backup, must keep multiple versions of your data as it changes (so that a backup taken after the encryption does not overwrite the only good copy), and should preferably be offsite to further reduce the risk.
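What those three requirements look like in practice, as an added example and not a script from the article: the PowerShell below takes a dated snapshot of a folder onto a share that is connected only for the duration of the run, under a dedicated backup account, and prunes old snapshots so a fixed number of versions is always kept. The share name `\\backup01\snapshots$`, the account `BACKUP\svc-backup` and the retention count are hypothetical. It uses robocopy, which ships with Windows, and copies everything in full each run, so the share needs space for that many complete copies.

```powershell
# Added example (not from the article): a minimal "cold", versioned snapshot backup.
# Assumptions: the share \\backup01\snapshots$ and account BACKUP\svc-backup are
# hypothetical; robocopy is present (it ships with Windows); the share is large
# enough for $KeepVersions full copies. Run it as a scheduled task, not by hand.

param(
    [string]$Source       = "$env:USERPROFILE\Documents",
    [string]$Share        = '\\backup01\snapshots$',
    [int]   $KeepVersions = 14
)

# Asking for the backup account's credential each run means it is never cached on
# this machine; for an unattended task, store it with Export-Clixml under the task's
# own account instead. Malware running as the ordinary user has no path to the share.
$cred = Get-Credential -UserName 'BACKUP\svc-backup' -Message 'Backup account'

# Connect the share only now; it is not a browsable drive the rest of the time.
New-PSDrive -Name Cold -PSProvider FileSystem -Root $Share -Credential $cred | Out-Null
try {
    $machineRoot = "Cold:\$($env:COMPUTERNAME)"
    $stamp       = Get-Date -Format 'yyyyMMdd-HHmmss'
    $dest        = "$machineRoot\$stamp"
    New-Item -ItemType Directory -Path $dest -Force | Out-Null

    # robocopy does not understand PowerShell drive names, so hand it the real UNC path.
    # /E copies subdirectories including empty ones; /R:1 /W:1 stop a locked file from
    # stalling the whole job; /NP /NDL keep the output short.
    robocopy $Source (Convert-Path $dest) /E /R:1 /W:1 /NP /NDL | Out-Null
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

    # Keep the newest $KeepVersions snapshots. Because the folder names sort by date,
    # a snapshot taken after an infection never replaces the older, clean ones.
    Get-ChildItem $machineRoot -Directory |
        Sort-Object Name -Descending |
        Select-Object -Skip $KeepVersions |
        Remove-Item -Recurse -Force
}
finally {
    # Disconnect whether or not the copy succeeded, so the share never stays mapped.
    Remove-PSDrive -Name Cold
}
```

Note the limit of this approach: while the share is connected, anything running in the same logon session can reach it, so the job should run under its own account on a schedule rather than from the user's desktop, and the backup server should ideally pull from clients rather than let clients push. That, plus taking one copy offsite, covers the three requirements above.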
Experts agree that this is one of the most significant changes to the landscape of digital security, and that it is the first of many variants to come.