A virulent form of
ransomware has now infected about quarter of a million Windows
computers, according to a report by security researchers.
Cryptolocker scrambles users' data and then demands a fee to unencrypt it alongside a countdown clock.Dell Secureworks said that the US and UK had been worst affected.
It added that the cyber-criminals responsible were now targeting home internet users after initially focusing on professionals.
The firm has provided a list of net domains that it suspects have been used to spread the code, but warned that more are being generated every day.
Ransomware has existed since at least 1989, but this latest example is particularly problematic because of the way it makes files inaccessible.
"Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses strong third-party certified cryptography offered by Microsoft's CryptoAPI," said the report.
"By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent."
Ransom dilemma The first versions of Crytpolocker appear to have been posted to the net on 5 September.
Early examples were spread via spam emails that asked the user to click on a Zip-archived extension identified as being a customer complaint about the recipient's organisation.
Later it was distributed via malware attached to emails claiming there had been a problem clearing a cheque. Clicking the associated link downloaded a Trojan horse called Gameover Zeus, which in turn installed Cryptolocker onto the victim's PC.
By mid-December, Dell Secureworks said between 200,000 to 250,000 computers had been infected.
It said of those affected, "a minimum of 0.4%, and very likely many times that" had agreed to the ransom demand, which can currently only be paid in the virtual currencies Bitcoin and MoneyPak.
http://www.bbc.co.uk/news/technology-25506020
The steps to guard against CryptoLocker are the same good practices that should be employed to guard against any malware attack or hardware failure:
1. Make sure you’re using antivirus software and that it’s kept up to date. Thankfully, most antivirus applications can now detect and remove CryptoLocker, but are only of use if they catch it before the encryption occurs.
2. Make sure that you regularly back up all your data. These backups should be in a form that’s disconnected from your computer by using an external USB drive that you don’t keep permanently connected to your computer. CryptoLocker will seek out any connected USB drives and network shares, and attempt to encrypt those files, too. This can also apply to files being synced to Cloud services, although you should often be able to retrieve previous, and therefore unencrypted, versions of these files via the Cloud service provider. Users of Windows starting with XP Service Pack 2 may also be able to retrieve previous (and therefore unencrypted) versions of their files, by right-clicking on an encrypted file and selecting “Properties,” then “Previous Versions.”
3. Email is CryptoLocker’s primary mode of attack, so avoid opening any email attachments from untrusted sources or that appear in any way suspicious. This should include attachments sent from banks or financial institutions and, particularly in the case of CryptoLocker, from courier companies or from Companies House.
4. Make sure the email scanning feature of your antivirus software is configured and enabled.
PCAdvisor suggests that you check right now whether CryptoLocker has found its way onto your PC by downloading and run Malwarebytes Anti-Malware. This will scan for the Trojan and remove it for you if discovered.
I have Malwarebytes Anti-Malware, one of three antivirus software I use. Malwarebytes is free. In fact, it’s running a quick scan on my laptop right now.
See also:
Sources: PCAdvisor, Wikipedia
No comments:
Post a Comment