Today, most businesses are run on computers. Owning a computer, accessing e-mails, surfing the Internet, interacting on social media sites and being connected to a network all carry the threat of attacks from malicious programmes and viruses, says Roberto Caprio, MD, Dial a Nerd.
Ransomware, as the name suggests, is a new form of malicious software that cyber criminals are using to literally hold your computer for ransom, demanding payment for the safe return of your information.
Currently, the most dangerous ransomware programme is CryptoLocker. The authors of this programme have gone to great lengths to make it so – by bringing out new versions, keeping up with changes in protection technology and targeting a variety of people over a lengthy period.
CryptoLocker was released at the beginning of September 2013 and focuses on all versions of Windows, including XP, Vista, 7 and 8.
The easiest way for this programme to reach an extensive number of people, very quickly, is via e-mail spam.
This infection is typically spread through e-mails sent to company e-mail addresses, pretending to concern work-related matters such as delivery requests, payment details, and so on. The e-mail contains an .EXE attachment disguised as a PDF file (“PDF.EXE”) that infects the computer when opened.
Newer attacks seem to come via Facebook in the form of video downloads, where the viewer is asked to download an application to play the video. This application, in all likelihood, is some form of malware, with the worst-case scenario being CryptoLocker.
Once the ransomware has been downloaded onto the computer, it encrypts the files and displays a CryptoLocker payment programme on the screen, which demands that a ransom of a certain value be paid in order to decrypt the files. A timer is also displayed, stating how much time is left to complete the payment. Once payment is received the files are supposed to be decrypted, although this is not 100% guaranteed.
CryptoLocker affects not only the local files on the computer but also files on “mapped” drives (storage that has been given a drive letter such as D:, E: or F:). These files could be on an external hard drive, in a folder on a network or in a document store in the Cloud. If you have your Dropbox folder, for example, mapped locally, it could encrypt those files as well.
CryptoLocker uses two different types of encryption, making it impossible to decrypt the files without the decryption key, which is kept by the author. Brute-forcing the decryption key is not realistic due to the length of time required to break the key. To date, no known decryption tools work with this infection.
Although it may seem like there is no hope, there are a number of things that you can do to protect your computer against CryptoLocker.
Backup your data
We cannot reiterate this enough. Backing up your data is the most important practice for anyone who owns a computer, and it will keep your data safe in a number of situations.
We suggest that you make backing up your data part of your daily routine. Backing up to the Cloud is a simple, automated process that provides huge peace of mind in the event of a disastrous situation. We recommend Soteria Backup.
In the event of an attack from ransomware, being able to restore a recent backup will mean that very few of your documents will be lost.
Because CryptoLocker affects mapped drives, ensure that your backup location is not assigned to a drive letter, or that it is disconnected when a backup is not in progress.
Install a reputable security protection programme
We recommend ESET NOD32. Not only do they supply an excellent anti-virus, but they are also aware that these days cybercriminals deploy heavily encrypted malware designed to evade detection. CryptoLocker was detected by ESET as Win32/Filecoder.
Show hidden file extensions
Because Windows does not show file extensions by default, all the attachments from CryptoLocker look like normal PDF files. Re-enabling the display of full file extensions makes it easier to spot suspicious files.
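As an added illustration, not part of the original article, the following Python script mimics what Explorer shows with extensions hidden and flags the “document.pdf.exe” pattern described above; the extension lists and the sample attachment names are constructed for this example.

```python
import os
from typing import List, NamedTuple

# Constructed lists for this example. Extensions Windows runs as code when
# double-clicked, and extensions a user expects on an ordinary attachment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}

class AttachmentCheck(NamedTuple):
    real_name: str       # name as it actually arrives
    displayed_name: str  # what Explorer shows with "hide extensions" enabled
    verdict: str         # "disguised-document", "executable" or "ok"

def displayed_name(filename: str) -> str:
    """Mimic Explorer's default setting: hide only the final extension."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename

def check_attachment(filename: str) -> AttachmentCheck:
    """Compare the real (last) extension with the one the user will see."""
    shown = displayed_name(filename)
    real_ext = os.path.splitext(filename)[1].lower()
    shown_ext = os.path.splitext(shown)[1].lower()
    if real_ext in EXECUTABLE_EXTS and shown_ext in DOCUMENT_EXTS:
        # e.g. "Invoice.pdf.exe" shows as "Invoice.pdf": the CryptoLocker trick
        verdict = "disguised-document"
    elif real_ext in EXECUTABLE_EXTS:
        verdict = "executable"
    else:
        verdict = "ok"
    return AttachmentCheck(filename, shown, verdict)

def flag_attachments(filenames: List[str]) -> List[AttachmentCheck]:
    """Return only the attachments that would run as code if opened."""
    return [c for c in map(check_attachment, filenames) if c.verdict != "ok"]

# Constructed sample attachment names, not real malware samples.
SAMPLE_ATTACHMENTS = [
    "Delivery_Details.pdf.exe",   # looks like a PDF once the .exe is hidden
    "Payment_Advice.PDF.scr",     # screensavers are executables too
    "Invoice_4471.pdf",           # genuine document
    "archive.tar.gz",             # double extension, but not executable
    "setup.exe",                  # plainly an executable
]

if __name__ == "__main__":
    for c in flag_attachments(SAMPLE_ATTACHMENTS):
        print(f"{c.real_name!r} appears as {c.displayed_name!r}: {c.verdict}")
```

The script only shows why the hidden extension matters; the actual protection is re-enabling extension display in Explorer and treating any executable attachment as suspect.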
Always keep your software up to date
Malware authors pounce on users running outdated software because they know its weaknesses, which they abuse in order to attack your system. Be aware that malware authors are sneaky and can disguise their creations as software update notifications. Enable automatic updates, and if in doubt double-check on the software vendor’s website that an update notification is legitimate.
Disconnect from the WiFi or unplug from the network immediately
If you think your computer might have succumbed to ransomware but the CryptoLocker screen hasn’t appeared yet, disconnecting from the WiFi or network may interrupt the encryption process and save some of your files.