Example: [Collected via e-mail, October 2013]
Origins: The so-called "CryptoLocker virus" is an example of ransomware, a class of malware that, once it has infected a particular computer system, restricts access to that system until the user pays a ransom. CryptoLocker is a particular form of ransomware known as cryptoviral extortion, a scheme in which key files on the system's hard drive are encrypted and thus rendered inaccessible to the user unless and until that user pays a ransom to obtain a key for decrypting the files.
The CryptoLocker worm is generally spread via drive-by downloads or as an attachment to phony e-mails disguised as legitimate messages from various business, such as fake FedEx and UPS tracking notifications. When a user opens such a message, CryptoLocker installs itself on the user's system, scans the hard drive, and encrypts certain file types, such as images, documents and spreadsheets. CryptoLocker then launches a window displaying a demand for ransom (to be paid in less-traceable forms such as Bitcoins and Green Dot Moneypaks) and a countdown timer showing the date and time before which the user must submit payment in order to obtain the decryption key before it is destroyed:
According to various accounts, users whose computers have been infected by CryptoLocker have been able to restore their files by paying the demanded ransom (usually $300 to be paid within
The good news is that paying the ransom does actually decrypt the files, and the hackers behind CryptoLocker so far have been honest and not reinfected computers after the ransom is paid.
Security companies are working on a protection, but there isn’t one yet. Users should remain vigilant about their security online, double-checking the legitimacy of links received in emails and social media messages.
CryptoLocker currently only affects PCs and can easily be removed with anti-virus software, but its effects cannot. "I don't think anyone in the world could break the encryption," says Gavin O'Gorman, spokesman for internet security firm Symantec. "It has held up for more than
Ryan Rubin, MD of global risk consultancy Protiviti, agrees: "CryptoLocker has been designed to make money using well-known, publicly available cryptography algorithms that
So should anyone hit by CryptoLocker pay up? "You'd be in the same situation if your laptop got stolen — it just feels worse because you know that there is someone out there who has got this key. If your data is worth $300 to you, it must be very tempting to pay up, just in case it works," Ducklin says.
According to Symantec, around 3% of people hand over money in the hope of getting their data back. "But remember, you're dealing with criminals," Rubin says. "There is no guarantee they'll send you the key, and if they know you're susceptible to blackmail what is to stop them from doing it again?"
Bear in mind that every penny you pay them will fund their endeavors to target other victims. "If even a few victims pay then the cybercriminals will think they have got a viable business model and keep infecting people and asking for ransoms. If nobody pays, they will stop these campaigns," says Dmitri Bestuzhev, spokesperson for Kaspersky anti-virus software
| CryptoLocker |
Ducklin, Paul. "Destructive Malware 'CryptoLocker' on the Loose — Here's What to Do." Naked Security. 12 October 2013. Ferguson, Donna. "CryptoLocker Attacks That Hold Your Computer to Ransom." The Guardian. 18 October 2013. Neal, Ryan W. "CryptoLocker Virus: New Malware Holds Computers for Ransom." International Business Times. 21 October 2013.