Thursday, December 12, 2013

The Cryptolocker Scourge

Screen Capture of Cryptolocker

Cryptolocker. That sounds a little like a cheap Hollywood thriller but is actually one of the more devastating viruses we have ever seen.

My friend Jeff Whitten at ShoalsWeb recently came across this booger in his shop and suggested I alert both my readers. Cryptolocker is a new variant of an old malicious class of software called “ransomware.” Ransomware holds your personal data captive until you give up some money. In the past, the victim would be attacked via various methods and their data (pictures, documents, music) would disappear from their computer. The actual data was still there; it was just hidden from view until someone who knew what they were doing un-hid the files. But Cryptolocker is scarier. It doesn't just hide your data, it actually encrypts it using a powerful algorithm.

A user can infect their PC by opening an attachment that comes with an email. The email may appear as a “shipment notification” from a well known retailer such as Amazon or eBay. It may also appear as a “bank statement” alerting you of fictitious transactions or other attention-grabbing subject lines. However they appear, they are fake. NEVER open an attachment from anyone unless you know the sender well.

The virus may also infect your computer via “exploits” found in common software. For example, if you fail to keep your “Adobe Flash Player” and “Java” updated, you can catch this virus just by visiting an infected website even if you have antivirus software installed. By the time your antivirus program detects the virus, it has already encrypted your files. You smug Mac and Linux users are safe for now but this will be a lucrative virus so it’s just a matter of time before you guys are targeted, too.

Once your computer is infected, all your stuff is scrambled by a very powerful encryption scheme. The virus can also spread to attached network or external drives, so your backups become worthless, too. The virus itself is easy enough to remove using conventional antivirus programs, but no one can access the encrypted files unless they are given a “key” by the criminals. You cannot have the key unless you wire them $300.00. Even after you pay the ransom, you are still not likely to get your data back. Making matters worse, the encryption has a “time bomb” built into it. If you don’t pay the criminals within 48 hours, they promise to destroy the software “key” so that there is no chance of recovery. Nice, huh?

So how do you protect yourself against a virus you can’t defend against? You must have backups of your backups. In addition to a local backup (to an external hard drive or USB stick), you should also have “off site” or online backups of your stuff. If you back up to a local drive, be sure to perform an “incremental” backup. That way, you can restore your uninfected stuff from a backup that occurred prior to getting infected.
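
To show why dated, versioned backups matter here, the following is an added example (not from this post or from any backup product): it keeps one full copy per day in a separate store (a simplification of a true incremental backup, which would store only changed files), then simulates every document being scrambled in place, flags the mass change, and restores from the last clean snapshot. All file names and contents are constructed for the demo.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def snapshot(src: Path, store: Path, label: str) -> dict:
    """Copy src into store/<label>/ and return {relative path: sha256} as the manifest."""
    dest = store / label
    manifest = {}
    for f in src.rglob("*"):
        if f.is_file():
            rel = f.relative_to(src)
            (dest / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, dest / rel)
            manifest[str(rel)] = sha256(f)
    return manifest

def changed_fraction(src: Path, manifest: dict) -> float:
    """Share of files whose content no longer matches the latest manifest (missing counts as changed)."""
    changed = sum(1 for rel, h in manifest.items()
                  if not (src / rel).exists() or sha256(src / rel) != h)
    return changed / len(manifest) if manifest else 0.0

def restore(store: Path, label: str, src: Path) -> int:
    """Overwrite src with snapshot <label>; returns the number of files restored."""
    count = 0
    for f in (store / label).rglob("*"):
        if f.is_file():
            rel = f.relative_to(store / label)
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, src / rel)
            count += 1
    return count

def demo() -> tuple:
    """Constructed scenario: two daily snapshots, then every document is scrambled in place."""
    root = Path(tempfile.mkdtemp())
    docs, store = root / "documents", root / "backups"
    docs.mkdir()
    store.mkdir()
    (docs / "letter.txt").write_text("Dear Jeff, ...")
    (docs / "budget.csv").write_text("item,cost\nrent,900\n")
    snapshot(docs, store, "2013-12-10")            # first daily snapshot
    (docs / "letter.txt").write_text("Dear Jeff, see you Friday.")
    latest = snapshot(docs, store, "2013-12-11")   # last clean snapshot
    for f in docs.iterdir():                        # simulated encryption: contents replaced
        f.write_bytes(b"\x00ENCRYPTED\x00" + f.read_bytes()[::-1])
    frac = changed_fraction(docs, latest)           # 1.0: every file changed -> stop syncing, alarm
    restore(store, "2013-12-11", docs)              # earlier snapshot is untouched by the scramble
    return frac, (docs / "letter.txt").read_text()
```

A backup job that syncs the live folder over its only copy would have propagated the scrambled files; the dated snapshots are what make the pre-infection restore possible.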
Here is an interesting YouTube video if you want more information:
