When we first reported on the now infamous CryptoLocker ransomware in September of 2013, the malware had reached only a few thousand machines worldwide. Now the infection is spreading faster than ever: as the holiday season comes to a close, thousands of UPS and FedEx customers have been tricked into opening a spoofed delivery email that carries the malicious code onto their Windows computers.
Preventing the Attack
As usual, the best way of dealing with this malware (or any malware, for that matter) is prevention. CryptoLocker encrypts each file with AES-256 and then locks that file key with a 2048-bit RSA public key whose private half never leaves the attackers' server, so an ordinary user has no realistic hope of cracking the encryption after the fact. The best bet to avoid paying a ransom is to batten down the hatches ahead of time, instead of when the storm is already on your doorstep and you are left scrambling for spare change in the folds of the couch.
Don’t open any email you don’t explicitly recognize, and never open an attachment unless you were expecting it from a trusted and reliable source. Reports are flooding in that PCs were compromised during the holiday season by spoofed tracking notices claiming to come from UPS and FedEx. Users receive a warning that something has gone awry with their package and are told to open the attached tracking report, a ZIP file containing an executable dressed up as a PDF (a PDF icon and a name ending in something like .pdf.exe). Double-clicking it installs CryptoLocker on the home computer.
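As an added illustration (not code from the original article), the following Python script shows one mechanical check a mail gateway or a cautious admin can run against that lure: it parses a raw message, opens every ZIP attachment in memory, and flags entries whose name hides an executable extension behind a document one, or whose first bytes carry the Windows PE "MZ" header. The sample message it builds is constructed for this example; the sender address, filenames and the "MZ" stub are invented and are not a real CryptoLocker sample.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions Windows will run on double-click. A "tracking.pdf" entry whose real
# extension is one of these is the disguised-executable lure described above.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def classify_entry(name: str, head: bytes) -> list[str]:
    """Return the reasons an archive entry looks like a disguised executable."""
    reasons = []
    base = name.lower().rsplit("/", 1)[-1]
    parts = base.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {ext}")
        if len(parts) > 2:  # e.g. "tracking.pdf.exe": a document extension masks the real one
            reasons.append(f"double extension .{parts[-2]}{ext}")
    if head.startswith(b"MZ"):  # DOS/PE header: a Windows executable whatever it is named
        reasons.append("PE (MZ) header")
    if ext == ".pdf" and not head.startswith(b"%PDF"):
        reasons.append("claims .pdf but lacks %PDF magic")
    return reasons


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw RFC 822 message, open each ZIP attachment in memory and map
    'attachment.zip/entry' to the reasons that entry was flagged."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        if not payload or not payload.startswith(b"PK"):  # only ZIP containers here
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                with zf.open(info) as fh:
                    head = fh.read(8)  # enough for the MZ / %PDF magic checks
                reasons = classify_entry(info.filename, head)
                if reasons:
                    findings[f"{part.get_filename()}/{info.filename}"] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed lure resembling the spoofed FedEx/UPS notice: a ZIP holding a fake
    executable named like a PDF next to a harmless real PDF. Hypothetical data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FedEx_Tracking_1234567890.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("Shipping_Label.pdf", b"%PDF-1.4\n%%EOF\n")
    msg = EmailMessage()
    msg["From"] = "tracking@fedex-notice.example"  # assumed spoofed sender
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Problem with your parcel delivery"
    msg.set_content("Your parcel could not be delivered. Open the attached tracking report.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Tracking_Report.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for path, reasons in scan_message(build_sample()).items():
        print(path, "->", "; ".join(reasons))
```

Run against the constructed sample it reports only the .pdf.exe entry, with three reasons (executable extension, double extension, PE header), while the genuine PDF passes. The magic-byte check matters because attackers can drop the double extension and rely on the icon alone; the extension check matters because a script (.js, .vbs) has no MZ header.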
Two WatchGuard firewall services, WebBlocker and Reputation Enabled Defense, are showing promising results at squelching the malware when it tries to phone home. CryptoLocker must first contact a command-and-control server to fetch the RSA public key it encrypts with; if that outbound connection is blocked, it sits idle and cannot encrypt anything. That buys you enough time to safely back up all your important information and use McAfee or Norton antivirus to quarantine the infection and remove it from your hard drive before it does any real damage.
The criminals behind CryptoLocker have pulled off something quite clever in this newest campaign to steal the hard-earned dollars of honest working people.
By actually restoring access to victims who pay the ransom within the allotted 72 hours, they have led the media to report, inadvertently, that paying off the attackers is an effective way to get your most precious memories back from whatever crew is running the operation.
Because they hold up their end of the bargain, thousands more non-tech-savvy people are encouraged to pony up the fee just for the chance to see their family photos one last time. The infection itself can be cleaned up with the standard antivirus products on the shelf at your local Best Buy, but cleaning it up does not decrypt anything, and the AES-256 file encryption, with its keys locked under RSA-2048, has so far proved essentially uncrackable. Once the files are encrypted, the only ways to get the data back are to restore it from a backup the malware could not reach, or to pay the ransom within the three days, after which the attackers claim to destroy the private key and the files stay locked for good.
And despite how badly you might want those files back, we have to suggest that you don’t give in to their demands, as paying only proves the model works and encourages more blackhats to follow the same path.
To avoid being forced into this Sophie’s choice of security, always practice prevention over reaction, and preparation before total destruction: keep offline backups and treat unexpected attachments with suspicion. That way you won’t find yourself in a position that compromises your most sacred photo albums or the crease of your wallet, depending on which you value more.