What is Ransomware and the CryptoLocker Virus?
Posted on May 3, 2016 in IT Security, Secure Email
Ransomware is a type of malware that prevents or limits users from accessing their system or data. It forces its victims to pay a ransom through certain online payment methods in order to regain access to their systems or to unlock their data.
Users may encounter this threat in a variety of ways. Ransomware can be downloaded by users who visit malicious websites. It can also be downloaded by other malware. Some ransomware is delivered as an attachment to spam email. Once executed on the system, ransomware does one of two things: the first type locks the computer screen, while the second type encrypts predetermined files with a password, locking files such as documents, spreadsheets and other important data. Once the system is infected, the malware displays instructions on how the user can pay the ransom.
Attackers may use one of several different approaches to extort money from their victims:
- After a victim discovers he cannot open a file, he receives an email ransom note demanding a relatively small amount of money in exchange for a private key. The attacker warns that if the ransom is not paid by a certain date, the private key will be destroyed and the data will be lost forever. These ransoms are often required to be paid in hard-to-trace Internet currency.
- The victim is tricked into believing he is the subject of a police investigation. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.
- The malware encrypts the victim’s data but does nothing else. In this approach, the data kidnapper anticipates that the victim will look on the Internet for how to fix the problem and makes money by selling anti-ransomware software on legitimate websites.
Security companies first identified the CryptoLocker attacks in September 2013 and believe that the virus struck 250,000 computers in its first 100 days. Other security researchers believe the latest versions of ransomware were created by hackers in Eastern Europe and Russia. The hackers conceal their identities by deploying the virus through the dark web. The dark web, an unindexed arm of the Internet, allows users to bounce their communications through multiple computer servers, making them nearly impossible to trace.
The hacker infects computers by sending tainted e-mails, often carrying PDF attachments, that appear to come from the FBI, local police agencies or package delivery services such as UPS and FedEx. When the user opens the e-mail or file, the virus infects the PC. The hacker will also implant the virus on websites, then try to lure people there, often with pornography or the promise of free items.
The best way to combat the CryptoLocker virus or other ransomware is to establish a line of defense by using paid-for security software from a reliable security software vendor. Keep both the application and its virus definition lists up to date; virus definitions are the lists of malware and viruses that the program knows how to address. Using spam-blocking software or a spam-filtering hardware appliance will limit the number of tainted emails that reach your inbox in the first place.
Last, but certainly not least, always make multiple copies of your data. The best way to recover from a ransomware virus is not to give in and pay the ransom, but rather to wipe the hard drives of the infected machines, reload them, and then restore the data from backup. Sometimes having principles and not paying the ransom is not the easiest way, but it's the best way!