Archive for November, 2013

CryptoLocker / Crilock Malware

Tuesday, November 5th, 2013

Recently a new variant of ransomware has surfaced called CryptoLocker (or CriLock according to Microsoft). Whereas past malware would put a warning on the screen and lock you out of normal use (e.g. claiming the AFP had your details), this new variant actually encrypts your Office/PDF/image files with a 2048-bit key. As of now the ONLY way to get your files decrypted is to pay the ransom within the 90 hour time limit (about US$400 at the moment) to get the decryption key. And people are doing it – they have no choice if they don't have a backup (note the malware writers are actually providing the decryption keys to people who pay, so they are running a real operation – the last count I read was more than $7M collected so far).
The malware will normally arrive via email. It comes as an attachment (usually in a zip file) that the user clicks on, which activates the malware on their PC. The activity may not be immediate – the malware first has to locate an active Command & Control server on the internet to register the key, which can take time.
This document gives a very good tech rundown of the malware – http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information.
So what to do?
1. Make sure your AV is up to date – so it will block the infection when it arrives. Most AV should be updating automatically every day. We use Kaspersky, which has picked up all of this malware in the tests we've done.
2. Make sure you have a good backup of the files that matter to you. All businesses should have this anyway – but home users need to be especially aware (imagine losing ALL your kids' photos from the last 10 years…)
3. Always look at the email you get and make sure it looks legitimate and comes from someone you would expect to send you a file! An example is emails claiming to come from Westpac – and people who don't even have a Westpac account click on the attachment…
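Point 3 relies on people spotting a disguised attachment by eye. A mail gateway or helpdesk script can do the same check mechanically: open the zip, look for members with an executable extension (especially a document-style double extension such as `.pdf.exe`), and confirm by content, since a Windows executable starts with the bytes `MZ` whatever it is named. The script below is an added example written for this post, not code from the original article or from any vendor; the extension lists and the sample zip it builds in memory are constructed for the demonstration (the fake "executable" is just an `MZ` header plus padding, not a real program).

```python
import io
import zipfile

# Extensions Windows will run when double-clicked (constructed list for this example)
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document/image types a lure typically pretends to be (constructed list)
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def inspect_zip_attachment(zip_bytes: bytes) -> dict:
    """Return {member_name: [reasons]} for zip members that look like disguised
    executables. Members with no findings are left out of the result."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            reasons = []

            # Name-based checks: final extension, and a document-looking extension before it
            parts = name.lower().rsplit("/", 1)[-1].split(".")
            last_ext = "." + parts[-1] if len(parts) > 1 else ""
            if last_ext in EXECUTABLE_EXTS:
                reasons.append("executable extension %s" % last_ext)
                if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTS:
                    reasons.append("double extension disguised as .%s" % parts[-2])

            # Content-based check: bit 0 of flag_bits means the member is encrypted,
            # so its bytes cannot be inspected without the password; report that instead
            if info.flag_bits & 0x1:
                reasons.append("encrypted member (content not inspectable)")
            else:
                with zf.open(info) as fh:
                    head = fh.read(2)
                if head == b"MZ":  # PE (Windows executable) magic, regardless of file name
                    reasons.append("PE (MZ) header")

            if reasons:
                findings[name] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample attachment: one disguised executable plus one harmless
    text file. The 'executable' is only an MZ header followed by padding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in inspect_zip_attachment(build_sample_zip()).items():
        print(member, "->", "; ".join(reasons))
```

Run it as-is to see the constructed sample flagged on all three counts; to check a real attachment, read the zip file's bytes and pass them to `inspect_zip_attachment`. The content check matters more than the name check: renaming the file fools the eye, but not the `MZ` test. An encrypted zip is reported rather than silently passed, because "cannot inspect" is itself a reason for a human to look before anyone double-clicks.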

James