Ransomware is designed to extort money from users by holding files, such as documents and photographs, hostage until a ransom fee is paid, usually in Bitcoins. The software, which can be sent in any number of ways, including fake links disguised as legitimate websites, sniffs out files on your device before encrypting them. As opposed to typical malware scenarios, removing this ransomware doesn’t fix the problem. The victim’s personal files remain encrypted regardless.
The first version of CryptoLocker surfaced in September 2013. It targeted Windows computers via a mass spamming campaign, sending malicious emails to thousands of users. The messages were disguised as CVs, UPS missed package delivery reports, payroll notifications, invoices and similar eye-catching files. The ransomware attached to these emails would self-extract once clicked and then silently encrypt the machine. Having contaminated a computer, the ransomware inconspicuously traverses the machine in search of popular file extensions, encrypting data not only on local drives but also on mapped network drives and removable media.
Estimates put the scammers’ earnings at approximately $30m in ransom payments within the first three months of their campaign, so it is no wonder that this practice continues to thrive. Scammers have recently developed increasingly advanced ransomware programmes.
CryptoLocker is still very active now in 2016.
There are simple precautions you can take. Make backups of your files on a removable external or non-networked drive, or in the cloud, and check frequently that these work as expected. Should you become a victim of ransomware, make sure you remove the ransomware properly before downloading files from your backup storage; otherwise they will be re-encrypted. If in any doubt, ask an IT specialist for advice before restoring your machine. You should also refrain from opening suspicious email attachments, even if they are received from people you know, and steer clear of shady web pages.
Keep your software up to date with the latest patches. Patching security holes can prevent malicious code from executing on your computer. Use reliable antimalware software; some suites already provide ransomware protection. Bitdefender Internet Security is a good example, as its newest version identifies ransomware, blocking it and thwarting encryption.
Crypto-viruses are morphing into sophisticated extortion instruments. As the security industry is still trying to devise dependable countermeasures, the best recommendation at this point is, as always, to be prudent when online.
First Published: 13/04/16
Image courtesy of Stuart Miles at FreeDigitalPhotos.net