Computer virus “CryptoLocker Ransomware” spreading rapidly

Harmeet
BANGALORE, INDIA: In early September 2013, the Quick Heal Threat Research and Response lab received several reports of a malware that, once executed, encrypts files on the victim's computer and demands a ransom for decryption. The malware demands $300, payable through prepaid card services such as UKash or MoneyPak, or in Bitcoin.

This type of malware is popularly known as ransomware. It is spread using social engineering tricks, especially emails such as fake FedEx or UPS tracking notifications with attachments. Once the victim opens such an attachment, CryptoLocker is installed and starts scanning the hard disk for all kinds of documents.

These include images, videos, documents, presentations and spreadsheets. It then encrypts these files, converting them into an unreadable form. The ransomware then pops up a message, like the one shown below, demanding that the victim pay $300 (currently) to buy the private key needed to decrypt the files. The message also displays a time limit within which the payment must be made.

CryptoLocker uses RSA public-key encryption, generating a unique public/private key pair for each victim's data. Files encrypted this way cannot be decrypted without access to the private key. The malware stores the private key on its command-and-control server, whose location is not known. Since the decryption key is never stored on the infected computer, recovering the data encrypted by this malware is very difficult.

The malware gives a deadline of 100 hours to pay the ransom and obtain the private key needed to decrypt the data. If the amount is not paid, it destroys the private key and the encrypted data is locked forever, with no way to recover it.
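The encryption described above leaves a document without its usual format header and with near-random byte statistics. As an added example that is not part of the original article and not Quick Heal's code, the following Python script shows one defender-side check built on that observation: it flags document files whose header no longer matches their extension or whose contents have near-maximal entropy, and raises an alert when a large share of a folder looks that way. The file names, thresholds, sample contents and the pseudo-ciphertext generator are constructed for illustration; they are not CryptoLocker artefacts.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Expected leading bytes for common document formats (assumed list for the
# example). A file whose name says ".docx" but whose header no longer matches
# has most likely been overwritten. ".txt" has no header, so it is judged on
# entropy alone.
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
    ".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG", ".txt": None,
}
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext sits close to the 8.0 maximum
MIN_SIZE = 256            # too few bytes to estimate entropy meaningfully


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for English text, 7.9+ for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path: Path, data: bytes):
    """Return a reason string if the file looks encrypted, else None."""
    ext = path.suffix.lower()
    if ext not in MAGIC or len(data) < MIN_SIZE:
        return None
    entropy = shannon_entropy(data)
    magic = MAGIC[ext]
    if magic is None:
        # Plain text: high entropy alone is the signal.
        return f"entropy {entropy:.2f} for a text file" if entropy >= ENTROPY_THRESHOLD else None
    # Office, PDF, JPEG and PNG files are compressed and already high-entropy,
    # so for them the decisive signal is the missing format header.
    if not data.startswith(magic) and entropy >= ENTROPY_THRESHOLD:
        return f"header mismatch, entropy {entropy:.2f}"
    return None


def scan_tree(root):
    """Return (flagged, total): flagged maps relative path -> reason; total counts document files."""
    root = Path(root)
    flagged, total = {}, 0
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in MAGIC:
            continue
        total += 1
        reason = classify(path, path.read_bytes())
        if reason:
            flagged[str(path.relative_to(root))] = reason
    return flagged, total


def mass_encryption_alert(flagged, total, min_fraction=0.5, min_count=5) -> bool:
    """Alert when many documents look encrypted at once, not on a single odd file."""
    return len(flagged) >= min_count and len(flagged) / max(total, 1) >= min_fraction


def pseudo_ciphertext(n: int, seed: bytes = b"constructed sample") -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted output (constructed)."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def build_sample_tree(root) -> None:
    """Constructed sample files: three healthy documents, two encrypted-looking, one too small."""
    root = Path(root)
    text = b"Quarterly report draft. Revenue rose and costs fell.\n" * 40
    (root / "notes.txt").write_bytes(text)
    (root / "report.docx").write_bytes(b"PK\x03\x04" + text)     # header intact, low entropy
    (root / "scan.pdf").write_bytes(b"%PDF-1.4\n" + text)
    (root / "budget.xlsx").write_bytes(pseudo_ciphertext(4096))  # header gone, random-looking
    (root / "memo.txt").write_bytes(pseudo_ciphertext(2048))     # text file full of ciphertext
    (root / "tiny.png").write_bytes(pseudo_ciphertext(64))       # below MIN_SIZE: skipped


def demo_scan():
    """Build the constructed sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        flagged, total = scan_tree(d)
        return flagged, total, mass_encryption_alert(flagged, total)


if __name__ == "__main__":
    flagged, total, alert = demo_scan()
    for name, why in sorted(flagged.items()):
        print(f"{name}: {why}")
    print(f"{len(flagged)} of {total} documents look encrypted; alert = {alert}")
```

Two caveats worth keeping in mind: compressed formats are high-entropy even when healthy, which is why the header check carries the decision for them, and a one-off scan like this only confirms damage after the fact. A production monitor would apply the same classification to file-write events as they happen and cut off the writing process once the alert condition is met, which is what makes offline backups the only reliable recovery path once encryption has finished.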

Prevention is better than cure. So here's what you can do:

1. The biggest threat from ransomware is losing your important files. Therefore, the wisest step is to take regular backups of such files, preferably kept offline.

2. Do not miss any update, whether it is for your computer's OS, your Internet browsers or any other software installed on the system.

3. Ensure that you are using multilayered antivirus software for your computer that remains active and updated.

4. Having a sandbox protection feature in your antivirus greatly mitigates the risk of infection from malicious websites.

5. Never entertain unknown or unwanted emails with attachments, especially those that appear to come from banks and other financial institutions. Have proper anti-phishing and anti-spam protection installed to filter out fraudulent emails.
