
What is Crypto-based Malware and How Does it Work?

Edited Jul 4, 2015

Last year a new type of malware emerged and began to spread across the globe. Dubbed "CryptoLocker", it targeted Microsoft Windows systems. This malware, widely reported in September and October 2013, was designed to take user data hostage until the victim paid a ransom. If the ransom was not paid, the victim was threatened with destruction of the files. More recently, a newer variant of this type of ransomware, called Cryptowall, emerged and heavily affected a town in New Hampshire.

How does Crypto-based malware work?

CryptoLocker and Cryptowall are classified as variants of ransomware. This type of malware allows an exploiter to find personal and business files located in various sections of a network or computer system. Once it finds the files it seeks, it remotely "locks" them using asymmetric encryption, rendering the victim's data off-limits. Once the files are effectively out of reach, the exploiter demands a payment in exchange for decryption, which would give the user his or her files back. If the user doesn't pay, the files remain locked until payment is made. If payment, which is demanded in the hundreds of dollars, is not made, the victim typically receives a message that the locked files will be destroyed.


The files affected are the ones most people use routinely, such as documents, spreadsheets, photos, videos and similar files. In other words, they are the files people are emotionally or financially attached to. Sophos Security noted in October 2013 that the rest of the computer continues to run as expected, minus access to these files.

In the past, CryptoLocker victims were told they had 3 days to pay. Some got their files back; others did not. This ransomware made headlines again in June, with the FBI calling it one of the most "sophisticated" computer viruses ever. To date, hundreds of thousands of people have reportedly been affected, with victims paying out tens of millions of dollars in hopes of getting their files back.

Ways CryptoLocker infects computers

There are a few ways CryptoLocker can infect a computer. Often the malware arrives through phishing emails that impersonate legitimate businesses. The emails usually contain an attachment that users download and are tricked into acting on, which activates the malware. The malware also spreads through botnets or, more recently, through online advertisements. One particular botnet, called "Gameover", was reportedly instrumental in spreading this type of malware.


At the time of its discovery, only Microsoft Windows systems (Windows 8, Windows 7, Vista and XP) were said to be vulnerable to CryptoLocker, but Apple and Linux users running Windows in virtual environments were also susceptible. This doesn't mean other operating systems will never join the pool of affected platforms; as an operating system gains a larger market share, malware designers tend to widen the scope of potential victims.

How to avoid CryptoLocker

The tricky part with this one is that the exploiters have the control. Good anti-virus software can remove the infection, but it cannot decrypt files being held for ransom. Experts recommend that users make routine backups of important files, keep anti-virus software current with the latest updates, and apply other software patches as vendors issue them. Malware is often disguised as something alluring or useful, and crypto-based malware is no exception. If you receive an email with an attachment, it is a good idea to visit the official website and contact the company before ever downloading the file. One scheme commonly used by the exploiters was to mimic companies, such as FedEx and UPS, and send out fake tracking "documents". Keep in mind that most businesses offer tools on their site and/or do not routinely send out attachments. Always check with an official source.
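One way to act on the backup advice above, shown as an added example that is not part of the original article: before a routine backup overwrites older copies, check that documents and photos still begin with the header bytes their file type requires, since content that has been encrypted in place no longer does. The signature table, the 5% threshold and all function names are assumptions made for this sketch, as is the premise that locked files keep their original names.

```python
import os
import tempfile

# Leading "magic" bytes for some of the file types the article lists.
# Constructed, non-exhaustive table (assumption of this example).
MAGIC = {
    ".pdf": [b"%PDF-"],
    ".docx": [b"PK\x03\x04"], ".xlsx": [b"PK\x03\x04"],
    ".doc": [b"\xd0\xcf\x11\xe0"], ".xls": [b"\xd0\xcf\x11\xe0"],
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
}

def header_ok(path):
    """True/False when the header matches/mismatches; None for unknown types."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return None
    with open(path, "rb") as fh:
        head = fh.read(16)
    return any(head.startswith(sig) for sig in MAGIC[ext])

def scan(root):
    """Return (files_checked, damaged_relative_paths) for the tree under root."""
    checked, damaged = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            ok = header_ok(full)
            if ok is None:
                continue
            checked += 1
            if not ok:
                damaged.append(os.path.relpath(full, root))
    return checked, sorted(damaged)

def safe_to_back_up(root, max_damaged_ratio=0.05):
    """False when so many headers are wrong that the backup should be held."""
    checked, damaged = scan(root)
    return checked == 0 or len(damaged) / checked <= max_damaged_ratio

def demo():
    """Constructed sample tree: two intact files, one with scrambled content."""
    root = tempfile.mkdtemp()
    samples = {"report.pdf": b"%PDF-1.4\n", "photo.jpg": b"\xff\xd8\xff\xe0JFIF",
               "budget.xlsx": bytes(range(7, 39))}  # stands in for ciphertext
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return scan(root), safe_to_back_up(root)
```

Holding the backup run when `safe_to_back_up` returns False keeps the last good copies from being replaced by locked ones; keeping several older backup generations offline covers the cases this header check cannot see.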

This is one nasty piece of malware and, according to recent reports, new variants continue to emerge. Like any other malware threat, with crypto-based malware it is important to be proactive and on alert. Your personal files depend upon it.





  1. Microsoft. "What is ransomware?" Safety & Security Center. 6/07/2014.
  2. Dan Goodin. "We “will be paying no ransom,” vows town hit by Cryptowall ransom malware." Ars Technica. 07/06/2014. 6/07/2014.
  3. "‘Cryptolocker’ holds computers hostage." Today.com. 17/06/2014. 6/07/2014.
  4. Paul Ducklin. "Gameover and CryptoLocker revisited - the important lessons we can learn." Naked Security. 09/06/2014. 6/07/2014.
  5. "CryptoLocker ransomware - see how it works, learn about prevention, cleanup and recovery." Naked Security. 13/10/2013. 6/07/2014.
  6. Andrew Tsonchev. "RIG Exploit Kit Strikes Oil." Cisco. 05/06/2014. 6/07/2014.
  7. "CryptoLocker - Dangerous ransomware." Oregon State University. 6/07/2014.
