Security experts at Dell SecureWorks discovered earlier this year a new "ransomware" called Cryptowall. According to SecureWorks - this is the largest and most destructive threat of its kind at the present time.
Definition of ransomware:
Denotes malicious software whose sole function is to damage your computer and then demand a monetary ransom to repair it, that is, to restore your files. It can be compared to the Somali pirates in the Indian Ocean who hold ships hostage for a ransom. The victims all pay, mostly because the value of the ship (the data, in your case) is so much higher than the ransom.
Ransomware comes in numerous variants, and though many of them can be removed with antivirus software, there is really nothing on the market today that can remove the new generation, which works by encrypting the files on your computer.
The best known of them is CryptoLocker, which was discovered in the fall of 2013. It is estimated that this software alone infected over 1 million Windows computers. In one recent case the victim had to pay $10,000 USD, and we believe the criminals have earned millions of dollars on payments like that.
How ransomware works:
They are mostly distributed via email. CryptoLocker, CryptoWall and related malware spread mostly through email attachments: you get an e-mail with a zip file that contains an executable file (a program that runs on your computer).
The attachment, however, is cleverly disguised as a PDF file, because the file's icon is the same one the operating system uses for PDF files. As a programmer, I can tell you this is very easy to do. The file name will often suggest an invoice, a court action, an order acknowledgment or the like. It is therefore easy to be fooled and open the file. Personally, within the last week I have received dozens of these in my Gmail account, all blocked by Gmail.
CAUTION: If you get emails like this, you should not click on the link.
You should be aware that email is not the only way people have been infected. It can also happen by downloading "free software" from a not-too-reliable website, or via security holes in the browser.
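As an added illustration (not code from the original article), here is a small Python check of the kind a mail gateway or a cautious recipient could run on a zip attachment: it flags a member that is really a Windows program, whatever icon or name it carries, and the double-extension trick where "invoice.pdf.exe" shows as "invoice.pdf" when Windows hides known extensions. The archive contents and file names are constructed for this example.

```python
import io
import zipfile

# Extensions Windows will execute directly when double-clicked.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
# Document types that senders imitate with a double extension ("invoice.pdf.exe").
DOCUMENT_EXTENSIONS = ("pdf", "doc", "docx", "xls", "xlsx", "txt")

def inspect_zip_attachment(zip_bytes):
    """Return [(member name, reason), ...] for members a mail filter should block."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            lower = info.filename.lower()
            with archive.open(info) as member:
                header = member.read(2)
            # Judge by content first: a Windows program starts with "MZ",
            # whatever name or icon the sender gave it.
            if header == b"MZ":
                findings.append((info.filename, "content is a Windows executable (MZ header)"))
                continue
            # Then by name: "invoice.pdf.exe" is displayed as "invoice.pdf"
            # when Windows hides known extensions.
            parts = lower.rsplit(".", 2)
            if len(parts) == 3 and parts[1] in DOCUMENT_EXTENSIONS \
                    and "." + parts[2] in EXECUTABLE_EXTENSIONS:
                findings.append((info.filename, "double extension disguising an executable as a document"))
            elif lower.endswith(EXECUTABLE_EXTENSIONS):
                findings.append((info.filename, "executable file type inside an e-mail attachment"))
    return findings

def build_sample_attachment():
    """Constructed test archive: one disguised program, one real PDF, one script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invoice_2014.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)  # fake PE stub
        archive.writestr("Order_confirmation.pdf", b"%PDF-1.4\n% constructed sample\n")
        archive.writestr("court_notice.js", b"// constructed sample script\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in inspect_zip_attachment(build_sample_attachment()):
        print(f"BLOCK {name}: {reason}")
```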
How the files get encrypted:
When the Cryptowall or Cryptolocker file is opened on your computer, it retrieves a public encryption key from the hacker's servers. This key is then used to encrypt ALL files on the hard drive and on attached drives: documents, photos, music files, spreadsheets etc. Cloud storage services like Dropbox, as well as network drives, are not exempt from encryption either.
When a file has been encrypted, you can no longer read its contents. To do that you need the matching key (the private key) to decrypt the files again, and this is where the ransom comes in.
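Because the files stay on disk but no longer begin with the bytes their format requires, a defender can tell intact files from encrypted ones without having the key. The following added example (not from the original article) classifies files by checking their magic bytes and byte entropy; the same check is a way to verify that a backup or network share still holds readable copies. File names and contents are constructed.

```python
import math
import os

# Leading bytes of the file types the article mentions (constructed subset).
MAGIC = {
    ".pdf": (b"%PDF",),
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
    ".mp3": (b"ID3", b"\xff\xfb"),
}

def shannon_entropy(data):
    """Bits per byte: plaintext documents sit well below 7, ciphertext close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify(name, data):
    """Return 'intact', 'likely encrypted', 'damaged' or 'unknown type' for one file."""
    signatures = MAGIC.get(os.path.splitext(name)[1].lower())
    if signatures is None:
        return "unknown type"
    if any(data.startswith(sig) for sig in signatures):
        return "intact"
    # Header gone and bytes nearly uniform: consistent with whole-file encryption.
    return "likely encrypted" if shannon_entropy(data[:4096]) > 7.0 else "damaged"

def scan(files):
    """files: {name: bytes}; returns {name: classification}."""
    return {name: classify(name, data) for name, data in files.items()}

# Constructed samples: one readable PDF, one spreadsheet, one file whose
# contents look like ciphertext, one zero-filled file, one unknown type.
SAMPLE_FILES = {
    "report.pdf": b"%PDF-1.4\n% constructed plaintext sample\n" * 8,
    "budget.xlsx": b"PK\x03\x04" + b"constructed zip body" * 4,
    "holiday.jpg": bytes((i * 97 + 13) % 256 for i in range(1024)),  # uniform bytes
    "memo.pdf": b"\x00" * 100,
    "notes.xyz": b"unknown format",
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_FILES).items():
        print(f"{name}: {verdict}")
```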
Demands thousands of dollars
When the encryption of the files is finished, a window appears on the screen informing the user that the files have been encrypted. To obtain the private key, you have to visit a website and pay the criminals in the digital currency Bitcoin (or equivalent currencies) to a given address, which can be different for each victim. The sum is typically 2,000-3,000 USD if you pay right away. If you don't, the amount is doubled, and quadrupled if you wait too long. In one case, the victim had to pay $10,000.
The Bitcoin currency keeps both buyer and seller anonymous. With CryptoLocker, the criminals were clever enough to allow the victim to upload one file to prove that the decryption works.
What to do if you are infected?
This is the real problem with these scams. You basically have no choice but to pay the ransom to gain access to your files again. There are no software applications that can decrypt the files. ONLY the private key can make the files whole again, which, truth be told, is the whole purpose of this high-level encryption in the first place. The NSA, the CIA and agencies all over the world depend on this level of encryption.
That said, the Justice Department, in collaboration with the FBI, Interpol, universities and security companies, succeeded in cracking the so-called GameOver Zeus network, which was responsible for the distribution of CryptoLocker.
There is no guarantee that CryptoWall or other similar ransomware intrusions will ever have a solution. Your best bet is of course having a backup of your important files, something everyone should have anyway, since computers can be stolen, suddenly crash, or the hard drive can pack it in.
How can you prevent getting infected?
The first commandment for not being infected with Cryptowall or future ransomware is to be a little critical in your everyday use of the net. Be generally wary of links and attachments in emails whenever you have reason to believe that the content may be false.
Coming soon: a website with news on ransomware, where you will be the first to learn about new dangerous ransom viruses. Contact me to be notified when this site is up.