The CryptoLocker virus is the latest example of a disturbing new trend in cybercrime called “ransomware”, wherein hackers use viral encryption malware to literally hold your data hostage,restricting access to your own computer. The malware has the ability to find and encrypt files located within shared networks, USB drives, external hard drives, network file shares and even some cloud storage drives. If just one computer on your network becomes infected, the entire network is compromised.
Most people are unaware that they’re being hacked until it’s too late: seemingly out of nowhere, a window will pop up on your desktop, informing you that your files are now encrypted, and a countdown timer is triggered. The perpetrators demand $300 payment within 72-96 hours (three to four days) or your files will be deleted forever. There are several factors at play in the implementation of this scheme that make it particularly effective. Understanding how the virus works is key to preventing infection. So far CryptoLocker only affects computers running on Windows 7, Vista, or XP, but hackers are no doubt working on broader versions targeting Windows 8, Mac OS, and others.
The virus is reported to be delivered via email, in an innocuous looking, routine tracking notification message. Emails containing the virus have been known to come disguised as notifications from online retailers or services such as Amazon, UPS, FedEx, etc. It’s no coincidence that CryptoLocker’s debut is timed with the beginning of the holiday rush season, when many people are fielding emails from several such companies at once. It should go without saying, but carefully screening unfamiliar emails is probably the easiest means of prevention. It may look like an official message from a trusted company, but if the email asks you to follow a link or open a file, double check your transaction history separately though the company website. Up to date anti-virus software can can flag or even block emails with suspicious attachments or double-extension files.
The relatively low ransom, coupled with the short window of time to respond, tends to make users simply pay up. But cooperating with criminals only perpetuates the damage they can do, and encourages others to author similar malware. Reports are even surfacing from victims who paid the ransom and never received the decryption key they were promised, (also, paying up doesn’t offer any insight to the location or identity of the thieves, as payment is remitted through digital currencies such as BitCoin or MoneyPak, making it impossible to track). If your PC is infected, disconnecting from the internet and/or turning off your computer is the very first step toward mitigating the damage—at the very least, it stop the virus from continuing to infect. From there, the only recourse is to clean out the files completely and restore them from a backup. It’s never a good idea to give into extortion, but without a backup plan, users find little recourse other than taking the gamble
Awareness and prevention are key to dismantling the efficacy of scams like CryptoLocker.
Anti-virus software, malware detection, and regularly scheduled backupsof your data can help deflect these threats altogether. Contoured Solutions’ range of security products and services offer the best possible protection for your network, and in the event of a security breach, a well-formed backup and security profile can not only restore your network, but your peace of mind.