FLASH: CryptoLocker malware is on the loose …

There is a new version of ransom malware called CryptoLocker. It started showing up in October 2013 and to date only infects MS Windows systems (though, as with all malware, MacOS can be a carrier). It works the traditional way: a legitimate-looking attachment is opened, and the malware proceeds to hunt down data files, including MS Office data files, pictures, sound and video files. Once it finds the files, it encrypts them with a 2,048-bit key, which is impractical to break by brute force. It then gives you 72 hours to pay $300, 300 Euro or 2 Bitcoins to unlock the files. After 72 hours, they claim to destroy the key.

In November, the developers of CryptoLocker unveiled an on-line service to help folks recover their files after the 72 hours have expired, for a much higher fee.

Since this malware is difficult to detect even with the most sophisticated anti-malware software, the best way to avoid it is to engage in good computer practices, like never allowing software to be installed on your machine unless you specifically request it. Don’t open attachments from anyone, including friends, unless you’re sure the sender actually sent it and you trust them. For more on malware, see my “The war on malware” and “Don’t you hate it when you’re right” posts.

The other crucial thing is to perform regular backups of your data. The good news (if there is good news with this type of malware) is that the ransom code doesn’t lock up your computer; it just locks up your files. So, once the malware has been removed (which I understand is straightforward), you can recover your data from backups. For more information on backups, see my “Data Safety: Backups” post.

One final comment: If this happens to you, get help fast. I’d highly recommend that you not pay the ransom for two reasons: First, there is no guarantee that they will unlock your files. Second, you will let the bad guys know you will pay.

For more information, see:

  • Today show article
  • A good article from the security firm Sophos
  • Wikipedia article on what it is and its history
