Ransomware Update: CryptoLocker and CryptoWall

If you’re not on the United States Computer Emergency Readiness Team’s alert list, it’s worth your time to sign up for their email list. They’ll let you know when there’s a new online security threat, and occasionally they’ll update you about old threats.

That happened last week when US-CERT sent out an update about ransomware – a kind of malicious software that locks up and/or encrypts your files and keeps them locked up until you pay a handsome ransom.

We’ve reported on ransomware here at Tech Talk in the past – CryptoLocker and CryptoWall have both surfaced in the last year. While CryptoLocker has been disrupted, CryptoWall is alive and well and continuing to infect computers across the world.

US-CERT reports that ransomware continues to proliferate because it’s profitable for those who develop it. Some users whose files are held for ransom – between $100 and $300, typically – will pay that ransom for access to their files (or so they hope). In fact, CryptoLocker raised about $3 million for its developers, and in the six months since CryptoWall was released, it has made about $1 million for its developers.

Here’s how ransomware works:

Ransomware is most commonly transmitted through phishing emails, malicious websites, or online instant messaging programs. Once it installs itself on your computer, the virus gets to work encrypting your files – both locally and on removable media and network drives. You won’t even know you’ve been infected until an alert pops up to tell you that you can’t access your files until you pay up. The CryptoWall variant increases the ransom due over time. On some types of ransomware, more malicious software installs itself on your machine when you click the link to pay the ransom.

What happens if you’re infected? Both personal and business users can lose access to important files temporarily or permanently. If you’re running a business, you risk financial losses, disruptions to your operations, and damage to your reputation.

There are steps you can take to protect yourself:

  • Back up your files regularly
  • Keep antivirus software up to date
  • Don’t click on links or attachments in suspicious emails or on questionable websites. If you didn’t ask for a link or file to be sent, don’t click on it.

CryptoLocker Update

There’s good news to report about CryptoLocker since our last update. In August 2014, security firms FireEye and Fox-IT launched the website https://www.decryptcryptolocker.com/ to help those infected by CryptoLocker recover their lost files. The website gives access to the keys needed to unlock files held for ransom.

CryptoLocker, which was released in September 2013, was disrupted in May 2014.

CryptoWall Update

Unfortunately, CryptoWall is still active and infecting machines across the world. At this writing, no one knows yet from where CryptoWall originates, and PCWorld reports that it has infected more than 600,000 computers and encrypted more than 5 billion files. The magazine writes,

CryptoWall is “the largest and most destructive ransomware threat on the Internet” at the moment and will likely continue to grow, the [Counter Threat Unit (CTU) at Dell SecureWorks] researchers said Wednesday in a blog post that details their findings.

Protect yourself by following the guidelines above for email and suspicious websites.

Do you need help recovering from ransomware or protecting yourself against infection? From back-up options to customized network security, let PNSolutions help you protect your computers and your files. Contact us today!
