Vicious CryptoLocker Ransom Trojan Will Lock You Out & Throw Away The (Decryption) Key

Nov 19, 2013 By Sarah Vonnegut

A spam campaign first discovered in late October is picking up speed. CryptoLocker, fast becoming the malware story of the year, has hit victims in the US and UK en masse, with millions of malicious emails sent to its intended targets.

The ransomware scheme has impersonated real businesses to send emails that appear official, as well as fake package tracking notifications designed to look like they come from UPS or FedEx. The email carries a ZIP attachment, and inside the ZIP is an .exe file that installs the malware when the victim opens it. That's when the 'fun' really starts: a pop-up appears on the victim's desktop informing them that their computer has been infected, that their files have been encrypted, and that a ransom must be paid within a short window (between 72 and 100 hours) or the decryption key will be destroyed and the files lost for good.

The US-CERT (US Computer Emergency Readiness Team) advisory warns that: “Victim files are encrypted using asymmetric encryption, [which] uses two different keys for encrypting and decrypting messages. Asymmetric encryption is a more secure form of encryption as only one party is aware of the private key, while both sides know the public key.”

The ransom starts at 2 Bitcoins, a whopping total of up to $1,200 at today's inflated BTC rate. Once it runs, the ransomware encrypts personal files on the local disk as well as anything it can reach on USB drives, external hard drives and mapped network shares, meaning one rogue email opened on a single workstation can take down a whole business's shared files, as it already has.

The 5-0 Got Spammed

Even a US police department couldn't see past the phishing attack. Earlier this week, the Swansea Police Department in Massachusetts coughed up $750 (the BTC value has since almost doubled) to regain control of its internal files. While the department says the malware didn't affect any of its internal software systems, the threat was clear. Analysts there are now scrambling to tighten security and work out how the infection got in in the first place.

Because the ransom is paid in Bitcoin, the decentralized 'cryptocurrency', the payments behind the CryptoLocker campaign are going to be near-impossible to trace back to the operators. The unfriendly hackers are thought to be an organized cybercrime ring with Ukrainian and Russian connections, which puts them beyond the practical reach of US and UK law enforcement.

Some victims have reported paying the ransom and never receiving the decryption key in return. If your computer has been affected, the US-CERT advisory urges victims not to pay the extortion demand and instead to report it to the FBI's Internet Crime Complaint Center.

Take Precautions, Stay Aware

If you're running Windows 8, Windows 7, Vista or XP, you can take the following precautions to avoid becoming another number in CryptoLocker's nasty game:

  1. Never, ever follow unsolicited links in emails and always use caution when opening attachments, especially ZIP files from 'shipping' notifications you weren't expecting. If it looks questionable, report it as spam and delete!
  2. Ensure your antivirus software is up to date and running.
  3. Back up your data and keep the backups offline, disconnected from the machine. CryptoLocker encrypts whatever it can reach, so a backup drive that stays plugged in or a mapped network share will be encrypted right along with everything else.
  4. Install those sometimes pesky software updates and patches offered periodically by Microsoft; they could end up saving your files and lots of money!
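The lure described above, a ZIP attachment wrapping a Windows executable and dressed up as a UPS or FedEx tracking notice, is something a mail gateway or an incident-response triage script can screen for mechanically rather than relying on every user to spot it. The following is an added example, not code from the original post or from Checkmarx. It builds a constructed sample message in-process (the sender address, subject and archive contents are made up, and the 'executable' inside is an inert placeholder), and the list of executable extensions is an assumption about what Windows will run from an extracted archive.

```python
"""Screen an e-mail message for the CryptoLocker lure: a ZIP attachment
wrapping a Windows executable, typically with a double extension such as
Tracking_Details.pdf.exe so that Explorer shows it as a PDF.
Added example; the messages built here are constructed test data."""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumption: extensions Windows will run when a user double-clicks them
# after extracting (or simply opening) the archive.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def executable_members(zip_bytes):
    """Return archive member names that end in an executable extension.

    Raises zipfile.BadZipFile if the bytes are not a readable ZIP.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # Explorer hides known extensions, so 'Tracking.pdf.exe' renders as 'Tracking.pdf'.
            if name.lower().endswith(EXECUTABLE_EXTS):
                hits.append(name)
    return hits


def screen_message(raw):
    """Parse an RFC 822 message and return (attachment, member) pairs to block.

    An attachment that claims to be a ZIP but cannot be opened is reported
    with member '<unreadable archive>' so it is not silently passed through.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trust the bytes as much as the declared name: check for the ZIP signature too.
        if not (filename.lower().endswith(".zip") or zipfile.is_zipfile(io.BytesIO(payload))):
            continue
        try:
            members = executable_members(payload)
        except zipfile.BadZipFile:
            findings.append((filename, "<unreadable archive>"))
            continue
        findings.extend((filename, member) for member in members)
    return findings


def build_sample_message(member_name, attachment_name="Tracking_Details.zip"):
    """Construct a fake 'package tracking' notice carrying a ZIP with one member.

    Sender, subject and member content are made up for this example; the
    member body is an inert placeholder, not a real program.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"MZ placeholder, not a real executable")
    msg = EmailMessage()
    msg["From"] = "UPS Delivery Notifications <no-reply@ups-notify.example>"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "UPS Delivery Notification: package could not be delivered"
    msg.set_content("We were unable to deliver your package. Tracking details are attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    lure = build_sample_message("UPS_Tracking_Details.pdf.exe")
    for attachment, member in screen_message(lure):
        print(f"BLOCK {attachment}: contains {member}")
    print("benign:", screen_message(build_sample_message("UPS_Tracking_Details.pdf")))
```

The check deliberately looks inside the archive rather than at the attachment name, since the ZIP itself is innocuous and the dangerous part is the member's real extension, which Explorer hides by default. In a real deployment the message bytes would come from the mail pipeline instead of `build_sample_message`, and a hit would quarantine the message rather than just print it.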

Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.
