Last year a new type of malware emerged and began to spread across the globe. Dubbed "CryptoLocker", it targeted Microsoft Windows systems. This malware, widely reported in September and October 2013, encrypted user data and held it hostage until the victim paid a ransom; if the ransom was not paid, the attackers threatened that the files would be destroyed. More recently a newer variant of this type of ransomware, called Cryptowall, emerged and heavily affected a town in New Hampshire.
How does Crypto-based malware work?
CryptoLocker and Cryptowall are classified as ransomware. Once it runs, this type of malware searches the computer, and any network locations it can reach, for personal and business files. Each file it finds is "locked" with encryption so that its contents are off-limits to the owner. The scheme rests on asymmetric (public-key) cryptography: the victim's machine only ever holds the attacker's public key, while the matching private key needed for decryption stays on the attacker's server. With the files effectively out of reach, the exploiters demand a payment, typically several hundred dollars, in exchange for decryption so the user can have his or her files back. If the user does not pay, the files stay locked, and the victim is typically told that the locked files will be destroyed once a deadline passes.
The files affected are the ones most people use routinely: documents, spreadsheets, photos, videos and similar files, basically the files people are emotionally or financially attached to. As Sophos Security noted in October 2013, the rest of the computer continues to run as expected; only access to these files is lost.
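The paragraph above is the whole reason anti-virus cannot give the files back, and it is easiest to see in code. The following is an added illustration, not CryptoLocker's own code: it models the key scheme with textbook RSA on small toy primes (standing in for the attacker's real key pair) and an HMAC-SHA256 counter-mode keystream (standing in for the per-file symmetric cipher), using only the Python standard library and an in-memory byte string, so it touches no files. The point to watch is that the victim side only ever sees the public key and discards the per-file key after wrapping it.

```python
"""Toy model of the ransomware key scheme (constructed illustration, not the
malware's own code).  Stdlib only: textbook RSA with small toy primes stands in
for the attacker's RSA key pair, and an HMAC-SHA256 counter-mode keystream
stands in for the per-file symmetric cipher.  Runs on an in-memory byte string."""
import hashlib
import hmac
import os
import random


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test (adequate for a toy key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def attacker_keygen(bits=256):
    """Attacker side.  Returns (public, private).  Only `public` is ever shipped
    to the victim; `private` stays on the attacker's server."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so e not dividing phi means gcd(e, phi) == 1
            return (n, e), (n, pow(e, -1, phi))


def _keystream_xor(key, data):
    """Symmetric stream cipher: XOR data with HMAC-SHA256(key, block offset)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def lock_file(public, plaintext):
    """Victim side.  A fresh random file key encrypts the contents; that key is
    then wrapped with the attacker's PUBLIC key and its plaintext copy is dropped
    (conceptually; Python does not zeroize memory).  Nothing left behind can
    reverse the encryption."""
    n, e = public
    k = int.from_bytes(os.urandom(31), "big")  # 248-bit key, so k < n
    wrapped_key = pow(k, e, n)
    ciphertext = _keystream_xor(k.to_bytes(32, "big"), plaintext)
    del k
    return wrapped_key, ciphertext


def unlock_file(private, wrapped_key, ciphertext):
    """Attacker side (what the ransom buys): unwrap the file key with the
    PRIVATE key, then decrypt.  With any other key this yields garbage."""
    n, d = private
    k = pow(wrapped_key, d, n)
    return _keystream_xor(k.to_bytes(32, "big"), ciphertext)


def demo(sample=b"Q3 budget spreadsheet (constructed sample file contents)"):
    public, private = attacker_keygen()
    _, unrelated_private = attacker_keygen()  # a key pair the attacker never used
    wrapped, ct = lock_file(public, sample)
    return {
        "contents_changed": ct != sample,
        "attacker_can_unlock": unlock_file(private, wrapped, ct) == sample,
        "other_key_cannot": unlock_file(unrelated_private, wrapped, ct) != sample,
    }


if __name__ == "__main__":
    print(demo())
```

Removing the malware removes the code that did the encrypting, but the only thing that can undo it, the private half of the key pair, was never on the machine in the first place. The real malware uses full-size RSA and a standard block cipher rather than these toys; the key-handling logic is what matters.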
In the past, CryptoLocker victims were told they had three days to pay. Some got their files back, others did not. The ransomware made headlines again in June, with the FBI calling it one of the most "sophisticated" computer viruses ever. To date, hundreds of thousands of people have reportedly been affected, with victims paying out tens of millions of dollars in the hope of getting their files back.
Ways CryptoLocker infects computers
There are a few ways CryptoLocker can infect a computer. Most often the malware arrives in a phishing email that impersonates a legitimate business. The email carries an attachment; the user is tricked into downloading and opening it, which runs the malware. The malware also spreads through botnets and, more recently, through malicious online advertisements. One particular botnet, called "Gameover", was reportedly instrumental in spreading this type of malware.
At the time of its discovery, only Microsoft Windows systems (Windows 8, Windows 7, Vista and XP) were said to be vulnerable to CryptoLocker, though Apple and Linux users running Windows in virtual environments were also susceptible. That does not mean non-Windows users will never fall into the pool of affected operating systems; as an operating system gains market share, malware authors tend to widen their scope of potential victims.
How to avoid CryptoLocker
The tricky part with this one is that the exploiters hold the key. Good anti-virus software can remove the infection, but it cannot decrypt files already being held ransom. Experts recommend routine backups of important files, keeping anti-virus software current with the latest updates, and applying other software patches as vendors issue them. One caveat on backups: the malware encrypts whatever it can reach, including attached drives and network locations, so a backup only helps if a copy is kept disconnected from the machine and you have confirmed you can restore from it. Malware is often disguised as something alluring or useful, and crypto-based malware is no exception. If you receive an email with an attachment, it is a good idea to visit the company's official website and contact the company before ever opening the file. One scheme commonly used by the exploiters was to mimic companies such as FedEx and UPS and send out fake tracking "documents". Keep in mind that most businesses offer tracking tools on their own site and do not routinely send out attachments. Always check with an official source.
This is one nasty piece of malware and, according to recent reports, new variants continue to emerge. As with any other malware threat, it is important to be proactive and on alert. Your personal files depend on it.
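The fake tracking "document" described above was typically a ZIP attachment holding a Windows executable named to look like a PDF (for example something ending in .pdf.exe; Windows hides the final extension by default, so the user sees a PDF icon and name). The following is an added example, not from the article or any vendor, showing the checks a mail gateway or a cautious user can run on such an attachment: it inspects a constructed ZIP in memory and flags entries by executable extension, by a document-looking double extension, and by the "MZ" header every Windows executable starts with, which catches an executable even when it has been renamed to look like a photo.

```python
"""Attachment triage for the FedEx/UPS-style "tracking document" lure
(constructed example, not part of the article).  Inspects a ZIP attachment in
memory and reports entries that are really Windows executables."""
import io
import zipfile

# Extensions Windows will execute directly (assumed list; extend to taste).
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".jar", ".msi"}
# Extensions an attacker uses as the visible "inner" part of a double extension.
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def name_findings(name):
    """Reasons to distrust an entry based on its file name alone."""
    base = name.lower().rsplit("/", 1)[-1]
    parts = base.split(".")
    reasons = []
    if len(parts) >= 2 and "." + parts[-1] in EXEC_EXT:
        reasons.append("executable extension ." + parts[-1])
        if len(parts) >= 3 and "." + parts[-2] in DOC_EXT:
            reasons.append("double extension posing as ." + parts[-2])
    return reasons


def suspicious_entries(zip_bytes):
    """Returns [(entry name, [reasons])] for every entry that should block delivery."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = name_findings(info.filename)
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":  # DOS/PE header, independent of the name
                    reasons.append("Windows executable header (MZ)")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_attachment():
    """Constructed ZIP: one disguised executable, one executable renamed to look
    like a photo, and one harmless PDF placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FedEx_Tracking_Notice.pdf.exe", b"MZ" + b"\x90" * 64)
        zf.writestr("delivery_photo.jpg", b"MZ" + b"\x00" * 64)
        zf.writestr("invoice.pdf", b"%PDF-1.4\n% constructed placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_entries(build_sample_attachment()):
        print(name, "->", "; ".join(reasons))
```

The header check is the one worth keeping even if the extension lists grow stale: a file named invoice.pdf whose first two bytes are "MZ" is an executable no matter what the name says.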