Ransomware isn’t new. In fact, a little over a year ago, I wrote a blog post that discussed the rise in ransomware and a particular type of malware that the FBI released a warning about.
Ransomware is a malicious program that, when run on your computer, will hold your files or maybe even your entire disk drive hostage until money is paid to unlock it. A new type of ransomware attack now makes past programs look like child’s play. Called CryptoLocker, this particular ransomware Trojan holds your files hostage, and if you don’t pay up, your files are gone—likely for good.
What makes CryptoLocker different is how it uses encryption. As Costin Raiu from Kaspersky Lab explained in a SecureList post:
“Cryptolocker uses a solid encryption scheme as well, which so far appears uncrackable. For each victim, it connects to its command-and-control (C2) to download an RSA public key that is used to encrypt the data. For each new victim, another unique key is created and only the Cryptolocker authors have access to the decryption keys.”
A friend of mine recently had a computer hit with CryptoLocker, and rather than give the hackers what they wanted (payment for the key to decrypt the files), she just accepted the files as lost forever. I think it is unlikely that most of us could afford to let that happen on our personal computers, but can you imagine the disaster if CryptoLocker hit a business computer? Does your organization have a disaster plan in place for dealing with ransomware?
If you think that your files are safe because you’ve backed them up in the cloud, the folks at Lancope warn that might not be the case:
“Keep in mind that if you use a service like Google Drive, Dropbox or even SkyDrive, you have a mirror of your files in the cloud, and if the ransomware encrypts your local files, it will trigger the mirror process and the files in the cloud will also be encrypted. Some services like Dropbox have a Packrat feature that allows you to restore to any previous version of the file, which can help in a situation like this.”
What’s the scariest part of CryptoLocker? AV and other security software solutions haven’t been able to catch it before it does damage. The malware is hidden in phishing emails, and according to a Computerworld article, the best way to prevent CryptoLocker from loading onto your computer is a software restriction policy.
In the meantime, the best thing you can do is back up your files to a secure drive and stay vigilant against phishing attacks. And don’t ever download anything without verifying that it is safe.
Now, I’m off to back up my own computer.