Beware of CryptoLocker Ransomware

It starts with a simple e-mail message telling users to click on a link to track a package delivery.

It is being called the perfect crime and it has law enforcement around the globe baffled.

If someone clicks on the message, malware instantly encrypts the user’s computer and keeps it locked until the user pays the unknown thieves an untraceable ransom of $300 to $750 to unlock the files.

“I would think about this particular type of malware as what would happen if your computer was destroyed,” Kevin Swindon, an FBI agent in Boston, told WBZ.

In the past 90 days, thousands of people worldwide have opened a seemingly innocuous link to track a holiday package. Suddenly, all the files on their computer are encrypted.

As the ransomware takes over your computer, a countdown clock appears and shows victims how long they have to pay up. That means purchasing a key, or software, to reverse the process. And victims must do that using the online virtual currency known as bitcoins.

Once you purchase a bitcoin, the transaction is encrypted, and therefore you cannot trace it.

The encryption process even impacts files backed up by online storage services like Carbonite. According to Carbonite technical support, “Since the CryptoVirus activity modifies the files as it locks them, these changes mark the files as having been updated and Carbonite backs up the infected (locked) versions of these files.”

However, Carbonite may be able to help subscribers recover uninfected versions of the file from the backup archives.

The scheme could be the work of organized gangs overseas. So far, no one has been caught.

Warning Statement from the FBI

The FBI is aware of a file-encrypting ransomware known as CryptoLocker.

Businesses are receiving e-mails with alleged customer complaints containing an attachment that, when opened, appears as a window and is in fact a malware downloader.

This downloader then downloads and installs the actual CryptoLocker malware.

The verbiage in the window states that important files have been encrypted using a unique public key generated for the computer. To decrypt the files, you need to obtain the private key. A copy of the private key is located on a remote server that will destroy the key after the specified time shown in the window. The attackers demand a ransom of $300 to be paid in order to decrypt the files.

Unfortunately, once the encryption of the files is complete, decryption is not feasible.

To obtain the file-specific Advanced Encryption Standard (AES) key to decrypt a file, you need the private RSA key (an algorithm for public key cryptography) corresponding to the RSA public key generated for the victim’s system by the command and control server.

However, this key never leaves the command and control server, putting it out of reach of everyone except the attacker. The recommended solution is to scrub your hard drive and restore encrypted files from a backup.

As with any virus or malware, the way to avoid it is with safe browsing and e-mail habits. Specifically, in this case, be wary of e-mail from senders you don’t know and never open or download an attachment unless you’re sure you know what it is and that it’s safe.

Be especially wary of unexpected email from postal/package services and dispute notifications.

If you have been a victim of an internet scam, please file a complaint at www.ic3.gov.

For more information on e-scams, please visit the FBI’s E-Scams and Warnings webpage.

Worth Pondering…

There will never be a time when life is simple.
