No matter how many times our email clients warn us of a potentially malicious email, people still seem to open them anyway. Sure, sometimes it's just a harmless link, but opening these emails is how computer viruses spread throughout the Internet and cause damage to countless information systems.
That’s why the Cryptolocker malware, a type of ransomware, is thriving even though it has become very well known over the past few months. Ransomware gets its name from the scam that essentially holds those infected hostage: the victim is told that to get their data back they need to pay a ransom. As you might guess, paying the money is no guarantee that the damage will be undone.
What is Cryptolocker?
Cryptolocker is spread by fake emails with attachments that appear to be named voicemail.mp3, invoice_scan.jpg and the like, but which carry a second, hidden file extension that Microsoft Windows treats as a program. As of November 18, there have been more than 12,000 Cryptolocker victims in less than a week, according to research by security technology company Bitdefender Labs. Once the attachment is executed and the system is infected, the malware encrypts files on the system using asymmetric encryption, which requires a key pair: a public key to encrypt and a private key to decrypt.
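To make the hidden-extension trick concrete, here is an added example (not code from the original post) that shows what a user sees when Windows hides known file extensions versus what Windows would actually run; the executable and decoy extension lists and the sample attachment names are assumptions constructed for the example.

```python
"""Flag attachment names that hide an executable behind a document-looking name.

With 'Hide extensions for known file types' on, Windows shows 'voicemail.mp3.exe'
as 'voicemail.mp3'. This helper reports the displayed name next to the real one.
"""

# Extensions Windows treats as programs or scripts (assumed list for this example).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}

# Document/media extensions typically used as the visible decoy (assumed list).
DECOY_EXTENSIONS = {"mp3", "jpg", "jpeg", "pdf", "doc", "docx", "xls", "xlsx", "zip", "txt"}


def displayed_name(filename: str) -> str:
    """Name Explorer shows when known extensions are hidden: the final extension
    is stripped, so any earlier 'decoy' extension stays visible."""
    stem, dot, _real_ext = filename.rpartition(".")
    return stem if dot else filename


def is_disguised_executable(filename: str) -> bool:
    """True when the real (last) extension is executable but the name the user
    would see ends in a harmless-looking document or media extension."""
    parts = filename.lower().split(".")
    if len(parts) < 3:  # need base name + decoy extension + real extension
        return False
    real_ext, decoy_ext = parts[-1], parts[-2]
    return real_ext in EXECUTABLE_EXTENSIONS and decoy_ext in DECOY_EXTENSIONS


def triage(attachments):
    """Return (real filename, displayed name) for every disguised attachment."""
    return [(name, displayed_name(name))
            for name in attachments if is_disguised_executable(name)]


# Constructed sample attachment names for the demonstration (not real samples).
SAMPLE_ATTACHMENTS = [
    "voicemail.mp3.exe",
    "invoice_scan.jpg.scr",
    "quarterly_report.pdf",
    "photo.jpg",
    "setup.exe",
    "notes.txt.BAT",
]

if __name__ == "__main__":
    for real, shown in triage(SAMPLE_ATTACHMENTS):
        print(f"user sees {shown!r}, Windows would run {real!r}")
```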
With the files encrypted, the user has no access to them unless the private key is obtained. That key costs money and must be paid for within a specified timeframe; otherwise the private key is destroyed and access is lost forever.
Malwarebytes Unpacked lists the targeted file extensions, which include many commonly found on most PCs today: 3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx.
Even for non-tech people, there are some common, and critical, file extensions on this list. Unfortunately the ransomware craze may have just begun and it is getting some serious traction according to an article from SC Magazine:
So What Can You Do?
There are various web resources providing prevention and mitigation techniques; below is a collection of the leading practices that are consistent across most of them:
- Use caution when reading emails from untrusted sources that contain web links or attachments, as they may execute malicious code when accessed or opened
- Keep operating system and software patches up to date
- Ensure that antivirus and anti-malware software update automatically
- Regularly back up information and systems to reduce the impact if an infection occurs
- Implement a Software Restriction Policy to protect against various types of malware, not just Cryptolocker
In the end, many think that the simplest way to make this go away is to make sure that the ‘bad guys’ don’t get any money. Trouble is, logic may be the first thing out the window when talking to someone who just found out his or her data is being held hostage.
If you need to study up, there is a growing online library of information like this full overview from bleepingcomputer.com.
There are many security vendor resources and blogs that are keeping information up-to-date on the activities of Cryptolocker. Below are just some of the ones that can be referenced for this information.
By Richard Harber