If you thought it was bad when your computer would get a blue screen of death every few days due to a pesky malware infection, you haven’t seen anything yet.
As anonymous online currencies such as Bitcoin and Altcoin rise rapidly in popularity among users wishing to buy goods while maintaining secrecy online, an unseen consequence has started to rear its head on unsuspecting users desktops nationwide.
This new type of virus, dubbed “CryptoWare”, gives its unsuspecting victims exactly 72-hours from the point of infection to pay 2 bitcoins, or roughly $300 USD, to an anonymous address. A warning is displayed that informs users their files are locked using a 2048-bit version of the RSA cryptographic algorithm, and that the data will be deleted permanently unless the private key is obtained from the malware distributor within three days of the infection.
“The server will destroy the key after a time specified in this window,” the screen warns, displaying a clock that starts with 72:00:00 and goes down from there. “After that, nobody and never will be able to restore files. To obtain the private key for this computer, which will automatically decrypt files, you need to pay 300 USD / 300 EUR / similar amount in another currency.”
Anecdotal reports have been pouring into the reddit thread that originally spawned this story, with many users claiming that once they paid the fine their data was restored completely, and the malware uninstalled itself automatically after the timer ran up. Others who pushed the countdown past the point of hitting zero did not fare as well, reporting they lost hundreds of gigabytes of data not only on their primary drives, but also any backups or network drives that may have been connected at the moment of infection.
So far, no one has had any luck in breaking the encryption or finding a way to disable the countdown, and the only real option users have available to them post infection is to reset their BIOS clocks every three days to buy time until they come up with enough cash to pay off the scammers.
“This bug is scary and could really wipe the floor with lots of small businesses that don’t have the best backup practices,” the report observed. “Given the easy money available to scam operators, it’s not hard to see why.”
It’s estimated hackers are able to pull in over $5 million a year with schemes like this one, and if you don’t want to add your hard earned money to that statistic the best way to avoid trouble is to put a barrier between you and the rest of the open web. With a VPN provider like Express VPN, you can hide yourself securely behind any one of their over 200 servers, located in 35 different countries globally. They feature mobile apps to help you stay protected on the go, as well as 24/7 support for all their users who might have questions or concerns.