
A New Virus “CryptoLocker Ransomware” is Spreading Rapidly

PCQ Bureau

In early September 2013, Quick Heal Threat Research and Response Lab received several reports of a malware that, once executed, encrypts files on the victim's computer and demands a ransom for their decryption. The malware demands 300 USD, paid through prepaid card or digital cash services such as Ukash, Bitcoin or MoneyPak. This type of malware is popularly known as ransomware and is spread using social engineering tricks, especially emails such as fake FedEx or UPS tracking notifications carrying attachments. Once the victim opens such an attachment, CryptoLocker is installed and starts scanning the hard disk for all kinds of documents, including images, videos, documents, presentations and spreadsheets. It then encrypts these files, converting them into an unreadable form. The ransomware then pops up a message, like the one shown below, demanding that the victim pay $300 (currently) to buy the private key needed to decrypt the files. The message also displays a time limit within which the payment must be made.


CryptoLocker uses RSA public-key encryption, with a unique public/private key pair for each victim, to encrypt the victim's data. Files encrypted in this way cannot be decrypted without access to the private key. The malware stores the private key on its command and control server, whose location is not known. Since the decryption key is never stored on the infected computer, it is very difficult to recover the data encrypted by this malware. The malware gives a deadline of 100 hours to pay the ransom and obtain the private key needed to decrypt the data. If the amount is not paid, it destroys the private key and the encrypted data is locked forever with no way to recover it. The hackers behind this malware avoid being traced by using digital cash systems such as Bitcoin and MoneyPak, where payments can be anonymous.
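Because the data is encrypted with a key the defender never sees, the practical detection signal is the encryption itself: a document that previously compressed well is replaced by a file whose bytes are statistically indistinguishable from random. The script below is an added example written for this article, not code from the original page or from Quick Heal; it measures Shannon entropy over a small set of constructed sample files and raises an alert when a large fraction of them look like ciphertext. Files that are already compressed (ZIP-based Office documents, JPEG, PNG, PDF) are high-entropy by nature, so the check first excludes anything starting with a known file signature to avoid false positives; the threshold of 7.5 bits per byte and the 50% alert fraction are assumed tuning values, not figures from the article.

```python
import math
import hashlib
from collections import Counter

# Bytes that identify common compressed formats; these are legitimately
# high-entropy, so entropy alone would misclassify them as encrypted.
KNOWN_MAGIC = {
    b"PK\x03\x04": "zip/office",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG": "png",
    b"%PDF": "pdf",
}


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: plain text sits around 4-5, ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """True when the file has no recognised compressed-format signature
    but its byte distribution is close to uniform (assumed threshold)."""
    if any(data.startswith(magic) for magic in KNOWN_MAGIC):
        return False
    return shannon_entropy(data) >= threshold


def scan(files: dict, alert_fraction: float = 0.5):
    """Return (names that look encrypted, alert flag). The alert fires when
    at least `alert_fraction` of the files look encrypted, which is the
    mass-encryption pattern a ransomware run leaves behind."""
    suspicious = [name for name, data in files.items() if looks_encrypted(data)]
    alert = len(files) > 0 and len(suspicious) / len(files) >= alert_fraction
    return suspicious, alert


def pseudo_ciphertext(seed: bytes, size: int) -> bytes:
    """Deterministic stand-in for an encrypted file (constructed sample, not
    real ciphertext): a SHA-256 hash chain gives near-uniform bytes."""
    out = bytearray()
    block = seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:size])


# Constructed sample "files": two untouched documents, one legitimate
# high-entropy JPEG, and two documents replaced by ciphertext-like blobs.
SAMPLE_FILES = {
    "notes.txt": b"Quarterly sales summary for the northern region. " * 80,
    "budget.csv": b"month,revenue,cost\n" + b"2013-09,1200,800\n" * 120,
    "photo.jpg": b"\xff\xd8\xff" + pseudo_ciphertext(b"photo", 4096),
    "notes.txt.encrypted": pseudo_ciphertext(b"victim-file-1", 4096),
    "invoice.pdf.encrypted": pseudo_ciphertext(b"victim-file-2", 4096),
}


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name:24s} entropy={shannon_entropy(data):.2f} "
              f"flagged={looks_encrypted(data)}")
    names, alert = scan(SAMPLE_FILES)
    print("suspicious:", names, "alert:", alert)
```

On a real host this logic would run over a directory tree (or over a few planted canary documents that no user edits) and feed an alert pipeline; the per-file verdict is only meaningful in aggregate, since a single high-entropy file without a signature is common enough, but dozens appearing within minutes is not.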

"This is one of the most destructive malware I have seen till date", says Sanjay Katkar, CTO of India's leading antivirus software Quick Heal. "For the last couple of weeks we have been seeing 500+ incidents per day of this malware. The incidents are being reported from all over India. It is essential that everyone connected to the Internet is aware of such a damaging malware. In these cases, prevention is always better than cure," added Mr. Katkar. Another similar kind of ransomware, which goes by the name of "Anti-Child Porn Spam", was seen infecting a few computers in the last couple of days. This shows that the ransomware trend is growing: cyber criminals are exploring new ways of extracting money from their victims. In view of this new trend, we recommend that all computer users stay alert and follow the steps below.

In this case, prevention is better than cure. So here's what you can do:


1. The biggest threat from ransomware is losing your important files. Therefore, nothing would be wiser than taking regular backups of such files. Preferably, keep the backup offline.

2. Do not miss out on any kind of update, whether it is for your computer's OS, Internet browsers or any other software installed on the system.

3. Ensure that you are using multilayered antivirus software for your computer that remains active and updated.


4. Having a sandbox protection feature in your antivirus greatly mitigates the risk of infection from malicious websites.

5. Never entertain unknown or unwanted emails with attachments, especially those that appear to come from banks and other financial institutions. Have proper anti-phishing and anti-spam protection installed to filter out fraudulent emails.

In case you come across any instance of this insidious malware, you can get in touch with our tech support at 0-927-22-33-000.
