If you're a daily computer user, you're likely aware of all the threats you face every day online in the form of viruses and malware.
CryptoLocker, a new ransomware malware, began making the rounds several months ago. This ransomware is particularly nasty because infected users are in danger of losing their personal files forever.
Ransomware is designed to extort money from computer users by holding computer files hostage until the computer user pays a ransom fee to get them back. The Cryptolocker hijacker sniffs out your personal files and wraps them with strong encryption before it demands money.
Cryptolocker is spread through malicious hyperlinks shared via social media and spam emails, like fake UPS tracking notification emails. The original demanded payments of $100 to decrypt files, but the new and improved version demanding $300 from victims.
Apparently, the encryption is created using a unique RSA-2048 public key. The decryption key is located on a secret server somewhere on the Internet and then there is a countdown on the infected machine which will let you know how long you have until this key will no longer be available.
Ransomware is not a new threat, but in the last year, it has become more effective and more popular with criminals. Researchers from a number of antivirus vendors are working on a way to undo the damage, but it's not going to be easy.
To prevent Ransomware from infecting your computer, please ensure that your computer has a properly configured firewall, updating each computer on a regular basis with the latest patches and updates from their vendor such as Microsoft, and restricting access solely to the administrator or person who operates the network or computer.
Update: Another Screenshot of the latest variant CryptoLocker illustrates that Ransomware accepts payment in Bitcoins also.
Once you send the payment of BTC2 (two Bitcoins, currently about $280), you will be shown a screen stating that your payment is being verified and the program will decrypt the files that it encrypted.
However, CryptoLocker is the first widely-reported instances where a ransomware program will actually go as far as permanently encrypting files on a host computer. Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files.
This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executable that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.
If you do not have System Restore enabled on your computer or reliable backups, then you will need to pay the ransom in order to get your files back.
Update: Another Screenshot of the latest variant CryptoLocker illustrates that Ransomware accepts payment in Bitcoins also.
However, CryptoLocker is the first widely-reported instances where a ransomware program will actually go as far as permanently encrypting files on a host computer. Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files.
This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executable that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.
If you do not have System Restore enabled on your computer or reliable backups, then you will need to pay the ransom in order to get your files back.
