
Beware the Crypt Keeper

By Ryan Coyle

Be on the lookout for the Cryptolocker virus!

This October, there’s a new ghoul on the rampage terrorizing computers everywhere and sending bytes running to the hills.  The new malware infections are some of the scariest we’ve seen in some time.

The malware, identified by Sophos as Troj/Ransom-ACP, is another classic case of ransomware.  Ransomware is malware that tries to hold your computer or your files hostage in exchange for payment.  As malware has become more and more criminalized, this type of software has become quite prevalent.  Increasingly, criminals are turning to extorting money from people through the Internet.  Over 100,000 different malware samples are sent to the major anti-virus companies daily.

Image source: http://tvtropes.org/pmwiki/pmwiki.php/Series/TalesFromTheCrypt?from=Main.TalesFromTheCrypt

What makes ransomware different?

In many cases, the ransomware that gets installed is relatively easy to defeat.  It is typically non-destructive (the criminals need something to hold ransom) and is usually more concerned with scaring you into paying their extortion than causing any sort of permanent damage. 

Cryptolocker is a different beast altogether!

Rather than put up an annoying pop-up accusing you of sharing kiddie porn, Cryptolocker takes it up a notch and encrypts your personal files, locking you out of them.  The criminals then demand a $300 payment via MoneyPak or Bitcoin.  The encryption is public/private (asymmetric), meaning that a public key is used to lock the files, but the bad guys hold the only private key that can unlock them.  Because they are the only ones who have that private key, they are the only ones who can unlock your files.  There is no secret trick that can recover the encrypted files.  They are as good as gone.  Initially there were reports that paying the ransom would get your files back; however, it appears that this is no longer the case.  You might as well take your money, fold it into paper airplanes, and fly it right out the window.

What can you do to protect yourself from Cryptolocker?

  • Stop it from getting in – Cryptolocker so far appears to infect computers one of two ways:
    • Email attachment – Always be on the lookout for unsolicited email attachments.  Don’t open attachments you aren’t expecting, and if one smells suspicious, call the person who sent it and ask.  That thirty-second phone call can save you a rather large headache down the road.
    • Botnet infection – This one is trickier to spot.  When viruses and malware get onto your computer, one of the things they often do is open the door to all their friends.  They sit on your computer looking innocuous, but in the meantime they are letting other infections in.  Think of it as an illness that is still incubating: you feel fine and show no symptoms until, boom, you wake up and suddenly you’re sick as a dog.  This is why running frequent scheduled malware scans is important.  It lets you clean up these types of infections before they can cause real damage to your machine.
  • Keep your anti-virus up-to-date – Keeping your anti-virus up-to-date is very important.  New threats are discovered daily, and the good guys are constantly writing software updates to keep you safe.  If your anti-virus is out of date, it isn’t doing you a whole lot of good.  If your subscription runs out, re-subscribe.  Out-of-date anti-virus is only slightly better than no anti-virus at all.
  • Backup, backup, backup – If you have good backups, the worst thing that can happen when you get an infection is that you lose the time it takes to restore from your last backup.  This is also the only real defense you have if your files do become encrypted by malware.  With good backups, Cryptolocker goes from being potentially crippling to just a nuisance.  Remember, programs like Google Drive, Dropbox and SkyDrive are not backup programs.  Malware like Cryptolocker will trash files in those locations just as easily as it will files on your local machine.  Worse still, those trashed files will be synced to all your other devices as well.  Don’t substitute cloud storage for good backup principles.
  • Keep your computer updated – Make sure you run the updates when your computer prompts you that updates are available.  Security updates from vendors like Adobe and Microsoft, and for software like Java, plug the holes that malware writers use to infect your machine.  Don’t keep putting off updating your machine.  Make it a habit to check for waiting updates at the end of the day, so you can install them then and not lose any productivity during the day.
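As an added illustration of the backup point above (this is example code written for this page, not something from the newsletter or from ITS): the script below builds a SHA-256 manifest of a documents folder, keeps a snapshot copy of it, and keeps a mirror-synced copy that behaves like a Dropbox-style sync folder.  After one file is overwritten in place, verifying both copies against the manifest shows that the snapshot still holds the original while the synced copy now holds the trashed version.  The folder names and file contents are constructed for the demo.

```python
import hashlib
import os
import shutil
import tempfile

# Added example (not from the ITS article): a hash manifest lets you verify that a
# backup still holds the files you think it holds, and shows why a mirror-style sync
# folder (Dropbox, Google Drive, SkyDrive) is not a backup: once a file is trashed
# locally, the synced copy is trashed too, while a snapshot taken earlier is not.

def sha256_of(path):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map every file under root (by relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_of(full)
    return manifest

def verify_copy(manifest, copy_root):
    """Compare a copy against the manifest; return {relpath: 'ok'|'changed'|'missing'}."""
    result = {}
    for rel, digest in manifest.items():
        full = os.path.join(copy_root, rel)
        if not os.path.exists(full):
            result[rel] = "missing"
        elif sha256_of(full) != digest:
            result[rel] = "changed"
        else:
            result[rel] = "ok"
    return result

def mirror_sync(src, dst):
    """Make dst an exact mirror of src, the way a sync client keeps two folders identical."""
    if os.path.exists(dst):
        shutil.rmtree(dst)
    shutil.copytree(src, dst)

def demo():
    """Constructed scenario: documents, a snapshot backup, a sync folder, then one trashed file."""
    base = tempfile.mkdtemp()
    docs = os.path.join(base, "documents")
    snapshot = os.path.join(base, "backup-snapshot")
    synced = os.path.join(base, "cloud-sync")
    os.makedirs(docs)
    with open(os.path.join(docs, "thesis.docx"), "wb") as f:
        f.write(b"constructed sample document contents")
    with open(os.path.join(docs, "photo.jpg"), "wb") as f:
        f.write(b"constructed sample photo bytes")

    manifest = build_manifest(docs)   # record what the good files look like
    shutil.copytree(docs, snapshot)   # a real backup: a copy frozen in time
    mirror_sync(docs, synced)         # a sync folder: always equals the source

    # Simulate the working copy of one file being trashed in place: its original
    # content is simply gone from the documents folder.
    with open(os.path.join(docs, "thesis.docx"), "wb") as f:
        f.write(os.urandom(64))
    mirror_sync(docs, synced)         # the sync client dutifully propagates the damage

    report = {
        "snapshot": verify_copy(manifest, snapshot),
        "synced": verify_copy(manifest, synced),
    }
    shutil.rmtree(base)
    return report

if __name__ == "__main__":
    for copy_name, status in demo().items():
        print(copy_name, status)
```

Running it prints a status per file for each copy: every file in the snapshot verifies as "ok", while thesis.docx in the sync folder comes back "changed".  The same manifest check, run against a real backup before you need it, is how you find out that the backup is good while there is still time to fix it.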