- Vicious CryptoLocker Ransom Trojan Will Lock You Out & Throw Away The (Decryption) Key
The ransomware scheme has used real businesses to send emails that appear official, as well as fake package tracking notifications designed to look like they come from UPS or FedEx. After opening the email, the victim is asked to download a Zip file containing an .exe file that carries the virus. That’s when the ‘fun’ really starts – a pop-up appears on the victim’s desktop, informs them that their computer has been infected and their files encrypted beyond recovery, and demands that a ransom be paid within a short time frame (between 72 and 100 hours) in order to regain access to the files.
The US-CERT (US Computer Emergency Readiness Team) advisory warns that: “Victim files are encrypted using asymmetric encryption, [which] uses two different keys for encrypting and decrypting messages. Asymmetric encryption is a more secure form of encryption as only one party is aware of the private key, while both sides know the public key.”
The ransom starts at 2 Bitcoins – a whopping total of up to $1,200 at today’s inflated BTC rate. Once a machine is infected, the ransomware encrypts personal files as well as files located on USB drives, external hard drives, network file shares and even network drives – meaning one rogue email could infect a whole business, as it has already done.
Even a US police department couldn’t see past the phishing attack. Earlier this week, the Swansea Police Department in Massachusetts coughed up $750 (the BTC value has since almost doubled) to retake control of their internal files. While the department claims the virus didn’t affect any of their internal software programs, the threat was clear. Analysts there are now scrambling to tighten security and discover the vulnerabilities that led them to the virus in the first place.
Because it uses Bitcoins, the decentralized ‘cryptocurrency’, the CryptoLocker campaign is going to be near-impossible to track down. The unfriendly hackers may be an organized cybercrime ring with Ukrainian and Russian connections, thereby evading US and UK laws.
Some victims have reported paying the ransom and not getting the decryption key in return. If your computer has been affected, the US-CERT advisory urges victims not to pay the ransom and instead to report the extortion attempt to the FBI’s Internet Crime Complaint Center.
If you’re running on Windows 8, Windows 7, Vista or XP operating systems, you can take the following precautions to avoid being another number in CryptoLocker’s nasty game:
Read more here: http://www.us-cert.gov/ncas/alerts/TA13-309A