CryptoLocker ransomware has infected 250,000 PCs

December 27th 2014

The ransomware attack we warned about in mid-November has now infected around 250,000 Windows computers, with the worst-affected areas being the US and UK, according to Dell Secureworks. The criminals are thought to be located in Russia and Eastern Europe.


The malware – known as CryptoLocker – scrambles users' data and then demands a fee to decrypt it while a clock counts down, hence the term 'ransomware'. The encryption key is held only by the attackers. The encryption is very secure and may be impossible to crack.

Initially targeting businesses, the cybercriminals responsible are now targeting home internet users.

Ransomware was invented about 15 years ago, but CryptoLocker is particularly nasty because of the way it makes victims' files inaccessible. It first appeared in early September.

Internet security firm Trend Micro warns that giving in to the blackmail request encourages the further spread of CryptoLocker and similar ransomware, and also that there is no guarantee of getting the data back.

Guarding against CryptoLocker

This advice on guarding your PC against an attack by CryptoLocker is supplied by PC Advisor magazine:

The steps to guard against CryptoLocker are essentially the same good practices that should be employed to guard against any malware attack or hardware failure:

– Make sure you're using antivirus software and that it's kept up to date. Thankfully, most antivirus applications can now detect and remove CryptoLocker, but are only of use if they catch it before the encryption occurs.

– Also make sure that you regularly back up all your data. These backups should be in a form that's disconnected from your computer, as CryptoLocker will seek out any connected USB drives and network shares, and attempt to encrypt those files, too. This can also apply to files being synced to Cloud services, although you should often be able to retrieve previous, and therefore unencrypted, versions of these files via the Cloud service provider. Users of Windows starting with XP Service Pack 2 may also be able to retrieve previous (and therefore unencrypted) versions of their files, by right-clicking on an encrypted file and selecting Properties, then 'Previous Versions'.

– For peace of mind, it's a good idea to perform an image backup right now and store it on a USB drive that you don't keep permanently connected.

– Email is CryptoLocker's primary mode of attack, so avoid opening any email attachments from untrusted sources or that appear in any way suspicious. This should include attachments sent from banks or financial institutions and, particularly in the case of CryptoLocker, from courier companies or from Companies House. Also ensure the email scanning feature of your antivirus software is configured and enabled.

– If you want to check right now whether CryptoLocker has found its way onto your PC, you can download and run Malwarebytes Anti-Malware. This will scan for the Trojan and remove it for you if discovered.

– If CryptoLocker has already encrypted your files, then it will display a message demanding payment. Unfortunately, by this time it's too late to recover your files if they are not backed up. You will then have to consider whether to give in to the attackers' demands for the slim chance of receiving a decryption key.
