June 15, 2016

CryptoLocker (Again)

Filed under: Main — admin @ 12:01 am

A special type of computer malware is succeeding where other viruses only dream to tread: The CryptoLocker virus is on the move, infecting computers, encrypting data, and requiring individuals and organizations to pony up money to get their data back. It’s insane that people are falling for this ruse.

I originally wrote about CryptoLocker back in November, 2013. Not much has changed: When the virus arrives, it may act immediately or it might delay. Eventually, it encrypts all the data on the PC’s primary storage device. (CryptoLocker is currently specific to Windows.)

When you start the PC, or just log in, you see a message: Pay $n to get your data back, where n is a monetary amount, typically $300 or so. The malware is successful because, frankly, the price is low enough to make it profitable. That’s the insidious key to CryptoLocker’s success: People keep paying up.

The money is often sent via bitcoin to some unknown server or even a temporary address. Then the decryption password is provided — another credit to the Bad Guys for keeping their word — and the user gets his data back.

The recent spate of CryptoLocker attacks has targeted government agencies. Everything from police departments to state tax commissions has been hit. Government IT departments are training their employees, but a lot of work still needs to be done.

At my local City Hall, a simulated phishing message was recently sent out. The IT department fabricated the message to see exactly who would reply. The exact numbers aren’t known, but a terrifyingly large number of employees responded to the phishing attack.

Had the attack been CryptoLocker, those employees would have downloaded the virus, which arrives as a text file. A macro in an accompanying Microsoft Word document changes the text file’s type to an executable Java file and launches it. The Java program then pulls CryptoLocker in from the Internet, and the computer’s data is scrambled, or, in the case of a government agency, the network storage is scrambled. Then the ransom note appears.

If you don’t want to pay the ransom, you can restore files from a backup. The shocking news is that too many of these government agencies don’t keep backups. In fact, a local Fire District paid $300 just last month to recover their data because they didn’t have a backup.

Because of the way CryptoLocker is installed via a text file, most antivirus programs don’t intercept it. So the best way to avoid infection is to be smart: Don’t click on unknown links in email messages. Don’t open unexpected attachments, especially ZIP files. And, as I mentioned in the preceding paragraph, back up! A regular computer backup is your best defense against a host of maladies.
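The advice above (treat unexpected ZIP attachments and macro-carrying Office documents as hostile) can be turned into an automated gateway check. The following is an added example written for this post, not code from the original article or from any vendor; it assumes a hypothetical mail filter that hands it the raw bytes of a ZIP attachment, and the sample attachment it inspects is constructed in memory, including a stand-in for a macro-enabled Word document (real macro-enabled Office files are ZIP containers that carry a `vbaProject.bin` part, which is what the check looks for).

```python
"""Triage a ZIP e-mail attachment before a user can open it (added example)."""
import io
import zipfile

# File types that have no business arriving unannounced inside a ZIP attachment.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".jse",
                       ".vbs", ".wsf", ".jar", ".ps1", ".hta")
# Office Open XML formats; the "m" variants may carry VBA macros.
OFFICE_SUFFIXES = (".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".pptx", ".pptm")
# Archives inside archives are a common way to slip past simple filters.
ARCHIVE_SUFFIXES = (".zip", ".7z", ".rar")


def office_has_macros(doc_bytes: bytes) -> bool:
    """Return True if an Office Open XML document carries a VBA project.

    Such documents are ZIP containers; a macro-enabled one stores its code
    in a part named vbaProject.bin (under word/, xl/ or ppt/).
    """
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as doc:
            return any(part.lower().endswith("vbaproject.bin")
                       for part in doc.namelist())
    except zipfile.BadZipFile:
        return False  # not an OOXML container, so there is no VBA part to find


def triage_zip(attachment: bytes) -> list:
    """Return human-readable findings for one ZIP attachment (empty list = clean)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(attachment)) as archive:
        for info in archive.infolist():
            name = info.filename
            low = name.lower()
            if info.is_dir():
                continue
            if low.endswith(EXECUTABLE_SUFFIXES):
                findings.append("executable member: " + name)
            elif low.endswith(ARCHIVE_SUFFIXES):
                findings.append("nested archive: " + name)
            elif low.endswith(OFFICE_SUFFIXES) and office_has_macros(archive.read(name)):
                findings.append("macro-enabled Office document: " + name)
    return findings


def _fake_macro_document() -> bytes:
    """Constructed stand-in for a .docm: minimal OOXML parts plus a VBA project part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as doc:
        doc.writestr("[Content_Types].xml", "<Types/>")
        doc.writestr("word/document.xml", "<document/>")
        doc.writestr("word/vbaProject.bin", b"\x00 constructed placeholder, not real VBA \x00")
    return buf.getvalue()


def build_sample_attachment() -> bytes:
    """Constructed sample ZIP, the kind a mail gateway would hand to triage_zip()."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt", "Please see the attached invoice.")  # benign
        archive.writestr("invoice.docm", _fake_macro_document())           # macro carrier
        archive.writestr("scan_0042.pdf.exe", b"MZ constructed, not a real binary")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_attachment()):
        print("QUARANTINE:", finding)
```

The check is deliberately conservative: a plain `.docx` with no VBA part passes, while anything executable, any nested archive, and any Office file that actually contains a macro project is reported so the attachment can be quarantined rather than delivered. It complements, rather than replaces, the user training the post describes, since a user who never opens the attachment is still the last line of defense.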
