Q: What is CryptoLocker, and why should I be afraid — very afraid — of it?
A: An especially nasty form of ransomware known as CryptoLocker is putting computer users at risk of losing their files forever.
CryptoLocker is a ransomware Trojan that first surfaced in September 2013. It can arrive in several ways, but most often it comes as an email attachment disguised as a legitimate document.
When activated, the malware encrypts certain types of files stored on local and mounted network drives, which means any drive visible to the victim's account, including a plugged-in USB disk or a mapped network share. Each file is encrypted with a symmetric key, and that key is in turn encrypted with a 2048-bit RSA public key; the matching private key is held only on the malware's control servers, so nothing left on the victim's machine can undo the encryption.
The malware then displays a notice that offers to decrypt the data if a payment (in Bitcoin or by pre-paid voucher) is made by a specific deadline, and threatens to delete the private key when the deadline passes. If the deadline is missed, the malware points to an online service run by the operators that offers decryption for a significantly higher price in Bitcoin.
Although CryptoLocker itself is easily removed by anti-virus tools, the files it has already encrypted stay encrypted. There is nothing new about ransomware, since different forms of it have been circulating since 1989, but in recent weeks Internet security firms have reported a surge in computers infected with CryptoLocker.
Once CryptoLocker infiltrates a computer, it encrypts files, making them unreadable and unusable unless they are decrypted with the attacker's private key, and receiving that key is not guaranteed even if the ransom is paid. Infected users are currently instructed to pay $300 within a countdown of 100 hours or "the server will destroy the (private) key," at which point nothing can be done to restore the files.
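The key model described above is what makes the infection irreversible: the machine only ever holds a public key, so cleaning the malware off the disk changes nothing. The Go program below is an added illustration of that hybrid scheme, not code from CryptoLocker or from any analysis of it. The function names (operatorKeypair, lockFile, unlockFile), the sample file contents and the choice of AES-256-GCM plus RSA-OAEP as the concrete ciphers are assumptions made for the demonstration; the page only says that files are encrypted and the RSA private key stays on the control servers.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// LockedFile is what an infection leaves behind for each victim file: the
// per-file AES key wrapped under the operator's RSA public key, plus the
// AES-GCM nonce and ciphertext. Nothing here can be opened without the
// RSA private key, which never left the control server.
type LockedFile struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// operatorKeypair models the control server generating its RSA-2048 pair.
// Only the public half is ever shipped to the infected machine.
func operatorKeypair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// lockFile models the malware side. It holds nothing but the public key:
// it draws a fresh 256-bit AES key, encrypts the file with it, wraps that
// key with RSA-OAEP, then wipes its own copy of the AES key. Removing the
// malware afterwards changes nothing, because the only key that can unwrap
// WrappedKey is on the operator's server.
func lockFile(pub *rsa.PublicKey, plaintext []byte) (*LockedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	defer func() { // the malware has no reason to keep the key around
		for i := range fileKey {
			fileKey[i] = 0
		}
	}()

	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)

	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &LockedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// unlockFile models the operators' paid decryption service: the private
// key is the only thing that can unwrap the per-file AES key.
func unlockFile(priv *rsa.PrivateKey, lf *LockedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, lf.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap file key: wrong or missing private key")
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, lf.Nonce, lf.Ciphertext, nil)
}

func main() {
	priv, err := operatorKeypair()
	if err != nil {
		panic(err)
	}
	// Constructed sample victim file; the real malware targets documents, spreadsheets, photos and so on.
	original := []byte("Q3 budget spreadsheet: payroll 1,200,000; capex 340,000")

	locked, err := lockFile(&priv.PublicKey, original)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext differs from original: %v\n", !bytes.Equal(locked.Ciphertext, original))

	// A key that is not the operator's (or, equivalently, a destroyed private key) gets nowhere.
	stranger, _ := operatorKeypair()
	if _, err := unlockFile(stranger, locked); err != nil {
		fmt.Println("without the operator's private key:", err)
	}

	restored, err := unlockFile(priv, locked)
	if err != nil {
		panic(err)
	}
	fmt.Printf("restored with the operator's key: %v\n", bytes.Equal(restored, original))
}
```

The second unlock attempt is the point of the exercise: a freshly generated RSA key stands in for every party that is not the operator, including an anti-virus vendor and the victim, and the OAEP unwrap fails before the file is even touched. An offline backup is the only thing in this picture that does not depend on that private key.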
In December 2013, ZDNet traced four Bitcoin addresses posted by infected users in an attempt to gauge the operators' earnings. Between Oct. 15 and Dec. 18, 41,928 BTC (Bitcoin) moved through those four addresses, worth about $27 million at the time.
Although anti-virus experts are hard at work, there is currently no way to decrypt the files without the operators' private key. While techies can often remove ransomware that simply freezes computers, restoring encrypted files is much trickier. So an off-computer backup of files, such as a USB drive that is disconnected once the backup is done, is excellent insurance against a ransomware attack. Since there is no guarantee that paying the demanded ransom will retrieve files from the infected computer, it is wise to practice safe computing:
- Make regular backups, and store them somewhere safe, preferably offline. A backup drive that stays plugged in is just another mounted drive to CryptoLocker and will be encrypted along with everything else.
- Don't open email attachments unless you know the sender, were expecting the attachment and know what it is.
- Be careful when surfing on music sites or doing online searches of celebrities or other in-the-news topics. They often lead to malware-laden websites or links.
- Delete emails with no subject line, even if you recognize the sender’s name.
- Scan your computer using anti-virus and anti-malware utilities from known providers, and keep this software up to date.