A particularly nasty piece of malware, called CryptoLocker, is now targeting home internet users, after initially focusing on professional users. It first surfaced in early September 2013 and prevents people from using their computers by locking the screen and holding files for ransom. This includes photos, music files, word documents and other information and of course all of your online identity information.
CryptoLocker usually displays a countdown clock with a message saying that if a fee isn’t paid within the stipulated time, data will be destroyed. To date, it’s estimated to have infected about 250,000 people mainly in the UK and the US.
CryptoLocker first started spreading via spam emails that purported to be a customer support message from a delivery services such as DHS, FedEx or UPS. Later it was distributed via emails that claimed there was a problem clearing a cheque. In both cases, victims have clicked an attachment, at which point CryptoLocker was then installed on the computer.
Email virus protection
Clearly, it pays to keep one narrowed eye on emails claiming to be from a company you may have heard of but haven’t used, or if you have used, has an attachment. Email is CryptoLocker’s main method of infection so watch out for those unsolicited emails bearing unwanted attachments.
That said, the best steps to guard against CryptoLocker are the same as those employed against any malware attack of hardware failure. Number one, make sure you have good antivirus software in place that detects CryptoLocker before encryption takes place and number two regularly back up your data.
Back it up
The backups should be in a form that’s disconnected from your computer, because CryptoLocker will seek out connected USB drives and network shares and attempt to encrypt those files too.
If you’re wondering, CryptoLocker differs from most ransomware we’ve seen to date. Traditional ransomware, which has been around in various forms for over 20 years, uses customised cryptographic implementations. CryptoLocker, however, use certified cryptography offered by Microsoft’s CryptoAPI and follows best practice guidelines.
In short, this means the hackers have created a robust programme that is difficult to circumvent once it is installed on a machine. And this is why it’s particularly nasty.