Cryptolocker, the possibly the nastiest virus ever.

During the past couple months, ransomware known as CryptoLocker has made its presence known in homes and businesses around the world. While ransomware is not a new concept, the pervasiveness of CryptoLocker, combined with its strong encryption, make it a particularly nefarious, nasty and destructive ongoing threat.

CryptoLocker is a version of ransom malware that spreads via phishing emails containing infected attachments. Once the attachment is opened an executable file infects the machine and holds it to ransom by encrypting files, which won’t be unencrypted until a cash demand is paid.

Typically, the user receives an email that purports to be from a well-respected government body, or well known brands, and claims to be related to a customer support issue, explained AVG’s chief technology officer Yuval Ben-Itzhak.

More recently, the virus is reportedly spreading via the well-known ZeuS botnet.

As soon as the attachment downloads it infects the computer, encrypting users’ files using asymmetric encryption, featuring a public and private key pair. The public key is used to encrypt and verify data, while the private key is used for decryption.

Once activated, the malware encrypts a variety of file types on compromised Windows PCs before delivering a ransom message asking for payment before a fixed deadline that usually falls within three or four days from activation date.

CryptoLocker-thmb

A clue to the legitimacy of the demand is that payment are requested in the form of anonymous prepaid cash services such as MoneyPak, Ukash, cashU or through the Bitcoin digital currency.

cryptolocker-payment-methods

“By having an installed, active and up-to-date antivirus program on their PC, users can minimize the risk of infection,” said Yuval.

“Nevertheless, users should be wary of opening attachments from unsolicited emails even from well known organisations, such as government bodies.”

A few sensible precautions will help minimise the chances of a CrytoLocker attack. So what are our top tips?

• Back up your files. If you use an external hard drive, don’t leave it connected to your PC unless you are backing up. Alternatively, pay for an online back-up service – but bear in mind you may still be vulnerable if your backed-up files are mapped as a network drive. Check with your provider if you are unsure.

• Create files in the Cloud and upload photos to online accounts like Flickr or Picasa.

• Switch to a spam- and virus-filtered email service. Google Mail, for example, does not allow you to receive or send executable files (that can install viruses) as email attachments, even if they are hidden in zip files. (It also does not allow you to send them).

• Don’t go to online porn sites, which are often the source of malware downloads. Take care when clicking on adverts; never open Twitter links and attachments from people you don’t know or trust.

• Make sure your operating system is up-to-date with the latest security patches.

• Install the latest versions of your internet browsers and update add-ons such as Java and Adobe Flash.

• Get reputable anti-virus software and ensure you update it frequently.

• On Windows 7, double-check that you have set up System Restore points or, if you are using Windows 8, configure it to keep the “file history”.

• Act quickly. If you do accidentally download a dodgy attachment, bear in mind it is likely to take some time for the encryption to take place. If you immediately download and run an anti-virus programme, such as the free anti-virus toolkit available from Sophos, it could destroy the CryptoLocker before all your files have been encrypted – however, you will permanently lose affected files.

• Encrypt the files you particularly want to keep private, such as documents containing your passwords or personal information, to prevent criminals from reading what’s in them. Read this useful “Ask Jack” post on the Guardian technology blog to find out more about encrypting your files.

Comments are closed.