If you don’t know what ransomware is, consider yourself lucky – it’s something you don’t want to contend with, whether it targets you personally or your small business. Nevertheless, a new type of ransomware has begun to plague the Internet, and it’s important to be aware of it so it can be avoided at all costs.
In general, ransomware freezes your computer on a window that requires you to pay a fee to regain access to your computer’s files. This type of ransomware is well-known, and many anti-viruses have excellent protection against these programs, even after they’ve been installed and have taken over your computer.
However, a new threat that was first discovered by Sophos has begun to threaten machines worldwide. Sophos calls it Troj/Ransom-ACP, but when the program infects your computer, it calls itself “CryptoLocker”. Instead of simply freezing your computer, it encrypts every single one of your files. This includes images, installed programs, and documents. Decryption is easy as long as you have a copy of the key, but unfortunately it isn’t stored on your computer. In fact, it’s stored remotely on the hacker’s server, and there is currently not a way to unlock a computer that has been infected without paying the fee.
Any attempt to unlock the computer results in a “destruction of the private key on the server,” which means you can no longer unlock the encrypted data on your computer even if you do pay the ransom fee.
Currently the fee rests at about $300, or two Bitcoins, and the program only gives you three days to pay up. Otherwise the encrypted data is lost forever.
CryptoLocker can sometimes go several days undetected. The virus “spends” those days scrambling computer files in the background and identifying you and your computer to those who are running the software. Once it’s done with that, it locks your computer and begins the three day countdown.
Currently, the virus can be removed before it locks your data by using the Sophos Virus Removal Tool, located here. Keep in mind that this tool is not to be used as a replacement for your current antivirus because it does not have any form of real-time scanning. However, it does co-exist with any other antivirus you have installed on a computer.
While the Sophos tool can reclaim your computer if CryptoLocker has hijacked it, it cannot unencrypt the data that was encrypted by the ransomware. That information, once you clear CryptoLocker off of your computer, is gone forever. The files can be deleted, however.
Keep in mind that this particular ransomware is also available for purchase through certain hacker channels, so anyone with a few dollars in equipment and some spare change can pick it up and begin to infect computers. Simply put, this ransomware can be hiding in any downloaded file, including files you’ve downloaded months ago. This is because CryptoLocker is designed to use other malware as a “backdoor” into your files. The idea is that if you’ve ignored other malware, you probably don’t have any sort of virus protection, and that’s what CryptoLocker is looking for.
Employees of small businesses should know anything they download should be scanned immediately. While CryptoLocker is not currently self-replicating and therefore can’t spread through a network, it can still affect your network by freezing files that were shared. This can include select Cloud stored data, USB drives, and other important business files.
In addition, Sophos does not recommend paying up the bounty for your data. When a network and a computer is using the proper tools for protection, CryptoLocker should not be a problem. So make sure your first line of defense is strong so you can keep CryptoLocker out.
Image Credit: Wang Wei