CryptoLocker: How to prevent it and why you should never pay the ransom

CryptoLocker is the first ransomware to demand payment in Bitcoin and to use effectively unbreakable encryption methods

Neil Martin, marketing manager at Panda Security, details what CryptoLocker is, how it works, and why you should never pay up if your files are locked.

While happily working on your computer, little do you suspect that in the background, your important files are silently being subjected to a military-grade encryption to which you don’t have the unlock key.

Suddenly, a CryptoLocker alert appears on the screen, with a countdown timer ticking down – you have only days to pay the 2 Bitcoin ransom (approx. £300) or lose all your encrypted files forever.

Ransomware is the term for any malicious software that restricts users’ access to their devices, either by locking them out or by encrypting their important files.

Compared to its predecessors, CryptoLocker employs numerous new techniques: it is the first ransomware to demand payment in Bitcoin and to use effectively unbreakable encryption methods.

It is spreading more rapidly than its contemporaries, with the continuing release of new variants for evading security software and an ‘affiliate’ program that offers accomplices a percentage of ransom payments in return for infecting machines. Security reports highlight a seven-fold growth in ransomware alone in the last year.

How it works
CryptoLocker is generally spread through visits to infected websites, social media or phishing emails using social engineering techniques.

The victim may receive an email purporting to be from a logistics company or their bank, with a password-protected ZIP file attached. The archive contains either a double-extension file such as .pdf.exe, which makes it look innocuous, or, more recently, a macro-enabled Word document, which has seen a resurgence.

As soon as the user runs the file, it encrypts valuable files using an asymmetric encryption algorithm for which only the cyber-criminal can provide the unlock key. CryptoLocker is far worse in a corporate environment, as it will also encrypt files on shared drives and the file server.

The threat of ransomware and data loss can be reduced by following these simple steps:
1. Backup – Make regular backups of all your important files, from your photos to your tax documents. Backup options are now more cost effective than ever, and this will mitigate not only damage caused by malware infections but also hardware failures and other incidents.
2. Update – Windows and other applications such as Chrome, Firefox, Flash Player, Adobe Reader and even WinRAR are known gateways for malware threats. By keeping them up to date, the opportunity for attack is reduced.
3. Secure – Use an antivirus solution with additional layers such as anti-exploit protection to stop zero-day infections, Application Control to stop your files being encrypted, and Process Monitor to increase visibility of unknown applications.
4. Be Safe – Be wary of emails from senders you don’t know, especially those with attached files or that ask you to click a setting to see images. Be careful where you click. Not all websites are safe, and some hide nasty surprises. If your browser says that something’s not right, then listen to its warning.
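The lure described in the "How it works" section (a ZIP attachment hiding a double-extension file such as .pdf.exe, or a macro-enabled Office document) and step 4 above are both about recognising suspicious attachments. The script below is an added example, not code from the article or from Panda Security, showing how a mail gateway or a help-desk triage tool could flag such attachment names before a user opens them. The extension lists, the `Finding` type and the sample attachments are all assumptions constructed for this example; the ZIP is built in memory and contains harmless placeholder bytes, and archive entries are listed by name only, never extracted.

```python
"""Flag email attachments that use the lure patterns the article describes.

Two heuristics: a document-looking name that actually ends in an executable
extension (Shipping_Label.pdf.exe) and macro-enabled Office formats (.docm,
.xlsm). ZIP attachments are inspected by entry name only, never extracted.
"""
import io
import zipfile
from dataclasses import dataclass
from typing import Dict, List, Optional

# Extensions Windows will execute when double-clicked (assumed common subset).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta"}
# Extensions that make a name look like a harmless document or picture.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "jpeg",
              "png", "zip"}
# Office formats that can carry VBA macros.
MACRO_EXTS = {"docm", "dotm", "xlsm", "xltm", "xlsb", "pptm", "potm", "ppsm"}


@dataclass(frozen=True)
class Finding:
    name: str    # attachment name, or "archive.zip:entry" for ZIP members
    reason: str  # human-readable explanation for the triage analyst


def classify_name(name: str) -> Optional[str]:
    """Return a reason string if the file name matches a lure pattern, else None."""
    base = name.lower().rsplit("/", 1)[-1]   # ZIP entries may carry a path
    parts = base.split(".")
    if len(parts) < 2:
        return None
    last = parts[-1]
    if last in EXECUTABLE_EXTS:
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            return f"double extension: looks like .{parts[-2]} but runs as .{last}"
        return f"executable attachment (.{last})"
    if last in MACRO_EXTS:
        return f"macro-enabled Office document (.{last})"
    return None


def scan_attachment(name: str, data: bytes) -> List[Finding]:
    """Scan one attachment. ZIP archives are walked by entry name only."""
    findings: List[Finding] = []
    reason = classify_name(name)
    if reason:
        findings.append(Finding(name, reason))
    if name.lower().endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                inner = classify_name(info.filename)
                if inner:
                    # Bit 0 of flag_bits marks a password-protected entry, which
                    # means the content cannot be scanned, only the name.
                    if info.flag_bits & 0x1:
                        inner += " (password-protected entry)"
                    findings.append(Finding(f"{name}:{info.filename}", inner))
    return findings


def scan_all(attachments: Dict[str, bytes]) -> List[Finding]:
    """Scan every attachment of one message and collect the findings."""
    out: List[Finding] = []
    for name, data in attachments.items():
        out.extend(scan_attachment(name, data))
    return out


def build_sample_attachments() -> Dict[str, bytes]:
    """Constructed sample attachments (placeholder bytes, not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Shipping_Label_8321.pdf.exe", b"placeholder, not an executable")
        zf.writestr("readme.txt", b"plain text")
    return {
        "parcel.zip": buf.getvalue(),
        "Invoice_Q3.docm": b"placeholder",
        "photo.jpg": b"\xff\xd8",
    }


if __name__ == "__main__":
    for f in scan_all(build_sample_attachments()):
        print(f"{f.name}: {f.reason}")
```

Running the block prints two findings: the .pdf.exe entry inside parcel.zip and the macro-enabled invoice; photo.jpg and readme.txt pass. Name-based checks like these are cheap and catch the social-engineering trick itself, but they complement rather than replace the anti-exploit and application-control layers mentioned in step 3.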

My files are locked. Should I pay?
No! If you give in to this extortion, it simply encourages the criminals to infect others.

Read more about CryptoLocker at Panda's blog here.
