October 28, 2013
Cryptolocker Virus Holds Your Files For Ransom
Michael Harper for redOrbit.com - Your Universe Online
A new piece of ransomware is giving Internet users one more reason to think twice before they click a link in an email. A virus known as Cryptolocker has been infecting PCs around the world and effectively holding the files within for ransom. Users who have their files locked up by the ransomware are currently paying $300 to $700 to the criminals who run the virus to regain control of their computer. So far, there have been no reports of the hackers reinfecting a machine once the ransom has been paid. However, PC owners who do not pay the ransom fees may lose their files forever, especially if they do not perform regular and offsite backups. PC owners can protect themselves by being extremely cautious about which files they open in email, preventing certain applications from opening executable files, and backing up files as often as possible.
Cryptolocker first made an appearance last month and since then has been locking up individual computers, as opposed to computers located on a network. The virus is usually spread via email, through messages sent from an account claiming to be customer support for DHS, FedEx, UPS, etc. These emails carry an executable file attached and disguised as a PDF. The emails usually ask the recipient to download the form as a PDF, have it signed and then keep the form on file.
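As an added example, not part of the redOrbit article, here is a small Python check of the kind a mail gateway or an analyst's triage script could run against the lure described above: it parses a message and flags any attachment whose name or content suggests an executable masquerading as a PDF (double extension such as `.pdf.exe`, an executable extension, the `MZ` executable header, or a `.pdf` name without the `%PDF` magic). The sample message, the sender address and the list of executable extensions are constructed for the illustration and are not taken from the article.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed list of extensions Windows will run directly (constructed for the example).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def classify_attachment(filename: str, payload: bytes) -> list:
    """Return the reasons (possibly none) this attachment looks like a disguised executable."""
    reasons = []
    name = (filename or "").lower()
    parts = name.rsplit(".", 1)
    ext = "." + parts[1] if len(parts) == 2 else ""

    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
    # Double extension: the visible name ends in .pdf but the real extension is something else.
    if ".pdf." in name and ext != ".pdf":
        reasons.append("double extension hides executable behind .pdf")
    # "MZ" is the signature at the start of every Windows executable (DOS/PE header).
    if payload[:2] == b"MZ":
        reasons.append("MZ header: Windows executable content")
    # A genuine PDF begins with the %PDF magic bytes.
    if ext == ".pdf" and not payload.startswith(b"%PDF"):
        reasons.append("claims .pdf but lacks %PDF magic")
    return reasons


def scan_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and classify each attachment by filename."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        findings[name] = classify_attachment(name, payload)
    return findings


def build_sample_lure() -> bytes:
    """Constructed sample message: a 'please sign and keep on file' lure with two attachments."""
    msg = EmailMessage()
    msg["From"] = "Customer Support <support@example.invalid>"   # constructed sender
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Shipping form - please sign and keep on file"
    msg.set_content("Please download the attached form, sign it, and keep it on file.")
    # Constructed bytes with an executable header; not a real program.
    fake_exe = b"MZ" + b"\x00" * 30
    msg.add_attachment(fake_exe, maintype="application", subtype="pdf",
                       filename="Shipping_Form.pdf.exe")
    # A minimal genuine-looking PDF so the scan shows a clean attachment too.
    real_pdf = b"%PDF-1.4\n%%EOF\n"
    msg.add_attachment(real_pdf, maintype="application", subtype="pdf",
                       filename="Invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_lure()).items():
        verdict = "SUSPICIOUS" if reasons else "ok"
        print(f"{name}: {verdict} {reasons}")
```

The checks are deliberately independent so a name-based lure and a content-based one are both caught; in a real gateway the extension list would come from policy rather than a constant, and a flagged attachment would be quarantined rather than merely printed.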
PC owners who click to download what they think is an important form end up downloading the Cryptolocker virus. The virus then goes through the files on the computer and encrypts them using a method known as asymmetric encryption. This style of encryption uses a public key and a private key, and only the private key unlocks the files. While the public key may reside on the user's PC, the private key resides on the cybercriminal's server and is not handed over until payment is received, according to the tech blog Malwarebytes.
What's more, the operator of Cryptolocker insists the payment be made within 96 hours, or four days. If the ransom isn't paid by this time, both the private and public keys are destroyed, essentially rendering the encrypted files useless and irretrievable.
According to BleepingComputer.com, there is no way short of brute force to decrypt the files without paying the ransom. The only way to restore the files without handing over $300 to $700 to a cybercriminal is to keep proper backups or Shadow Volume Copies of the files. PC owners can also use Software Restriction Policies to prevent certain software from opening or running executable files. This method can be used to block the executable delivered by the Cryptolocker emails, but it could also restrict other pieces of software from operating normally.
Finally, while paying the ransom so far has unlocked the encrypted files, users should be aware they are essentially paying a criminal for their crime.
"If even a few victims pay then the cybercriminals will think they have got a viable business model and keep infecting people and asking for ransoms. If nobody pays, they will stop these campaigns," said Dmitri Bestuzhev, a Kaspersky spokesperson, in an interview with The Guardian.