BITS & BYTES: New malware steals your files forever

April Miller Cripliver, Times Business Columnist
January 01, 2014 10:46 am

Q: What is CryptoLocker, and why should I be afraid — very afraid — of it?

A: An especially nasty form of ransomware known as CryptoLocker is putting computer users at risk of losing their files forever.

CryptoLocker is a ransomware Trojan that first surfaced in September. A CryptoLocker attack may come from various sources, but it is probably disguised as a legitimate email attachment.

When activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers.

The malware then displays a message which offers to decrypt the data if a payment (through either Bitcoin or a pre-paid voucher) is made by a specific deadline, and threatens to delete the private key if the deadline passes. If the deadline is not met, the malware offers to decrypt data via an online service provided by the malware's operators for a significantly higher price in Bitcoin.

Although CryptoLocker itself is easily removed, the files remain encrypted. There is nothing new about ransomware — different forms of it have been circulating since 1989 — but in recent weeks Internet security firms have reported a surge in computers infected with CryptoLocker.

Once CryptoLocker infiltrates a computer, it encrypts files, making them unreadable and permanently unusable unless they are decrypted with the attacker's private key, which is unlikely to happen even if the ransom is paid. Currently, infected users are instructed to pay $300 to receive this private key within 100 hours or "the server will destroy the (private) key," at which time nothing can be done to restore the files.

In December, ZDNet traced four Bitcoin addresses posted by users who had been infected by CryptoLocker in an attempt to gauge the operators' earnings. The four addresses showed movement of 41,928 BTC (Bitcoin) between Oct. 15 and Dec. 18 — a value of about $27 million.

Although anti-virus experts are hard at work, currently there is no fix. While techies can often remove ransomware that simply freezes computers, restoring encrypted files is trickier. So an off-computer backup of files, such as a USB drive, is excellent insurance against a ransomware attack. Since there is no guarantee that paying the demanded ransom will retrieve files from the infected computer, it is wise to practice safe computing:

  • Make regular backups, and store them somewhere safe, preferably offline.
  • Don’t click on email attachments unless you know the sender and what the attachments are.
  • Be careful when surfing on music sites or doing online searches of celebrities or other in-the-news topics. They often lead to malware-laden websites or links.
  • Delete emails with no subject line, even if you recognize the sender’s name.
  • Scan your computer using anti-virus and anti-malware utilities from known providers, and keep this software up to date.
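The backup advice above rests on one assumption: that the copy you keep is a good one, not a copy of files that had already been scrambled. The script below is an added illustration (not from the column, and not any vendor's tool) of a simple check a backup job can run first. It records a SHA-256 hash of every file in a folder, compares a later snapshot against that record, and raises an alarm when a large share of the files changed content at once, which is the pattern mass encryption of user files produces. The 50% threshold and the three constructed sample documents are assumptions chosen for the demonstration; the "damage" in the demo is a plain overwrite, no encryption is performed.

```python
"""Detect ransomware-style mass file changes by comparing hash manifests.

Added, illustrative example (not from the column). It builds a manifest
of SHA-256 hashes for a directory tree, then compares a later manifest
against it. A large fraction of files changing between two snapshots is
the signal a backup job should stop on before it overwrites good copies.
"""
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each regular file under root (relative path) to its SHA-256 hex digest."""
    manifest = {}
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            manifest[str(path.relative_to(root))] = h.hexdigest()
    return manifest


def compare_manifests(old, new):
    """Return (changed, added, removed) sets of relative paths."""
    old_keys, new_keys = set(old), set(new)
    changed = {p for p in old_keys & new_keys if old[p] != new[p]}
    return changed, new_keys - old_keys, old_keys - new_keys


def mass_change_detected(old, new, threshold=0.5):
    """True when more than `threshold` of the previously known files changed content.

    threshold=0.5 is an assumed value; tune it to the folder's normal churn.
    """
    if not old:
        return False
    changed, _, _ = compare_manifests(old, new)
    return len(changed) / len(old) > threshold


def demo():
    """Constructed scenario: three documents, then two of them overwritten in bulk."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name in ("a.txt", "b.txt", "c.txt"):
            (root / name).write_text(f"contents of {name}\n")
        baseline = build_manifest(root)   # what a good backup would be taken from
        # Simulate unwanted mass modification of two of the three files
        # (plain overwrite with zero bytes; nothing is encrypted here).
        for name in ("a.txt", "b.txt"):
            (root / name).write_bytes(b"\x00" * 32)
        later = build_manifest(root)
        changed, added, removed = compare_manifests(baseline, later)
        return {
            "changed": sorted(changed),
            "added": sorted(added),
            "removed": sorted(removed),
            "alarm": mass_change_detected(baseline, later),
        }


if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest would be written to the backup medium alongside the files, so that a later run can refuse to rotate an older, intact backup out of existence when the alarm fires; the offline copy the column recommends is exactly what such a check protects.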

Opinions are solely the writer's. April Miller Cripliver of Chesterton holds a doctorate in management information systems and is a computer hardware and software consultant. E-mail your computer questions to, and specify your operating system and other pertinent PC information.

Copyright 2014 All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
