Nasty virus holds computer to ransom



A new form of malicious software that literally holds your personal computer to ransom has arrived. It’s called ransomware and is capable of preventing you from ever accessing information on your computer again unless you pay the writer a ransom of hundreds of dollars.

The newest is called CryptoLocker, a variation on the pervasive FBI or NZ Police virus. The older ransomware displays messages which accuse the user of criminal activity, suggesting that upon payment of an online penalty the computer will return to normal operation. However, upon payment of the ransom fee, the computer remains unusable and often requires professional assistance to return it to a working state.

The newer CryptoLocker takes the ransom to a whole new level. Upon infection it doesn’t make a fanfare; on the contrary, it acts in stealth, performing its nefarious task in the background. You probably won’t even notice the task running as CryptoLocker silently encrypts your data files, including your precious family photos, vital Microsoft Word documents, spreadsheets, and email.

Upon completing the encryption of your files, it sends the unique key required for decrypting and unlocking them over the internet to a secure remote server, and then the ransom begins. The CryptoLocker window immediately appears, containing the image of a shield, instructional text, and a countdown timer.

It’s important to understand that the ransomware is not bluffing. Unless you pay the ransom, you will lose access to any files that have been encrypted. Once the countdown starts you have about three days to make payment, otherwise the key is destroyed and you permanently lose the ability to decrypt your files.

The only positive, yet frighteningly concerning, kicker is that once you pay the ransom, CryptoLocker requests the key from the remote server, uses the unique key to decrypt your files, and then proceeds to uninstall itself.

The effectiveness of antivirus and internet security software against ransomware is murky.

ESET’s Smart Security software can detect and block many variants of the malware. However, because new versions of CryptoLocker are being released frequently, it is important that systems receive regular virus database updates. Smart Security checks for updates every hour, taking precautions to ensure that the computer is not vulnerable to new infections.

But as is the case with other trojan families, cybercriminals developing the ransomware have a number of different methods of getting the malware onto a victim’s system.

Robert Lipovsky, of the security company ESET, writes on the We Live Security blog that they “have also seen different cases, when the attacker managed to install ransomware onto the system manually through compromised Remote Desktop Protocol credentials. What’s important, though, is that in such a case the attacker can gain full access to the targeted machine just as if he was sitting behind the desk, disabling any antivirus protection and doing whatever they please, including installing malware.”

The simple way to avoid being snared as a victim of this new and effective form of ransomware is to ensure you regularly back up your files to an external location. This could be either an external drive that is connected only when performing a backup, or a cloud storage solution configured for retention of changed and deleted files.


About Gregory D Evans

Gregory Evans is one of the world’s greatest security consultants. Go to for more details.
