Thursday, September 19, 2013

Cryptolocker - RansomWare Threat

A computer virus, in everyday usage, is a software program written to disrupt a system or to destroy or steal data. (Strictly, a virus is malware that spreads by copying itself into other programs; the word is used here in the broader, everyday sense of malicious software.) Most are written with a malicious purpose: to disrupt activity, to steal information, or to make money for their author some other way. Viruses have been known to wipe systems out, damage hardware, or fill a hard drive with junk applications.

There is always a motive behind a virus: marketing, theft, or a political statement. Viruses can bring down a home PC or a large corporate network, and they come in many forms, boot sector viruses and browser hijackers being two examples. In some cases a virus infects a system only to deliver a "payload", that is, other malware with a different purpose.

About two years ago a new virus, commonly called the "MoneyPak" or "FBI" virus, appeared. When a PC became infected, a phony full-screen message claimed that the FBI would seize the machine unless a $300 MoneyPak card was purchased from CVS or Walgreens and its code entered. Technically this was a simple, annoying virus that was easy to remove: it locked the screen but left the user's files untouched. Some gullible users bought the card and paid the fee; most simply sought technical help to have the virus removed.


Ransomware is a computer virus that infects a system and limits access to it until the owner of the computer pays the creator of the virus to have it removed. The MoneyPak virus is one such example.

Recently a new variant of ransomware, in this case crypto malware, has emerged called Cryptolocker. Crypto malware infects a computer with a program that takes control of the system, connects to a command-and-control server to obtain an encryption key, and applies that key to specific files on the computer. Cryptolocker encrypts files with 256-bit Advanced Encryption Standard (AES) keys. AES is a symmetric-key algorithm, meaning the same key is used both to encrypt and to decrypt the data, so whoever holds the key can read the files and nobody else can. What the control server actually hands out is a 2048-bit RSA public key; each file's AES key is itself encrypted under that public key, and the matching RSA private key never leaves the attacker's server. That is why taking the server down does not free the files: the key needed to decrypt them went away with it. Although the original server handing out keys has been taken down, the virus is still being spread.
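To make the key handling concrete, here is an added example (not code from the original post, nor from the malware itself) of the envelope-encryption pattern described above, written in Go with its standard library: a document is encrypted under a fresh 256-bit AES key, that key is wrapped with a 2048-bit RSA public key, and only the holder of the private key can reverse it. The document contents, the key pair and the all-zero "guessed" key are constructed for the example, and the helper names are my own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Locked is what is left on disk for one file: the body under AES-256-GCM
// plus the per-file AES key wrapped under the operator's RSA public key.
type Locked struct {
	Nonce      []byte
	Ciphertext []byte
	WrappedKey []byte
}

// newGCM builds an AES-GCM instance from a 32-byte (256-bit) key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// lockFile encrypts plaintext under a fresh random 256-bit AES key, then wraps
// that key with RSA-OAEP under pub. Only the matching private key can unwrap it.
func lockFile(pub *rsa.PublicKey, plaintext []byte) (*Locked, error) {
	fileKey := make([]byte, 32) // 32 bytes = AES-256
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &Locked{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil), WrappedKey: wrapped}, nil
}

// unlockFile is the step a victim cannot perform without priv: unwrap the
// per-file key with the RSA private key, then decrypt the body with it.
func unlockFile(priv *rsa.PrivateKey, l *Locked) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, l.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, l.Nonce, l.Ciphertext, nil)
}

// tryWithoutPrivateKey models a victim who holds only the ciphertext and a
// guessed AES key. GCM authenticates the data, so a wrong key is rejected
// outright instead of producing garbage.
func tryWithoutPrivateKey(l *Locked, guessedKey []byte) ([]byte, error) {
	gcm, err := newGCM(guessedKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, l.Nonce, l.Ciphertext, nil)
}

// Demo runs the whole exchange on a constructed document and reports whether
// the private key recovers it and whether a guessed key is rejected.
func Demo() (recovered bool, guessRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // operator's key pair; private half stays on the server
	if err != nil {
		return false, false, err
	}
	doc := []byte("Q3 budget spreadsheet contents (constructed sample data)")
	locked, err := lockFile(&priv.PublicKey, doc)
	if err != nil {
		return false, false, err
	}
	_, guessErr := tryWithoutPrivateKey(locked, make([]byte, 32)) // all-zero key as the guess
	plain, err := unlockFile(priv, locked)
	if err != nil {
		return false, false, err
	}
	return bytes.Equal(plain, doc), guessErr != nil, nil
}

func main() {
	recovered, rejected, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("private key recovers the file:", recovered)
	fmt.Println("guessed AES key is rejected:  ", rejected)
}
```

The point of the split is that the 256-bit file key is random and exists only in the wrapped form next to the ciphertext; without the RSA private key there is nothing on the victim's machine, or on a seized server that held only public keys, to unwrap it with.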

Current forms of the virus go after typical productivity files: Microsoft Word, Excel and WordPerfect documents, Access databases, photos and other multimedia files. Essentially, the files you use every day. Once the files are encrypted, the only way to read them is with the key. The virus offers the end user a way to obtain the key, usually by paying a $300 unlock fee.

At present, paying the $300 ransom is the only way to have encrypted files unlocked. The only alternative is to restore them from a backup taken before the infection, which is why a backup the infected machine cannot reach (an external drive unplugged after the copy, or off-site storage) matters so much.

How the Virus is Spread

To date the virus has reached victims through "social engineering", which has typically meant email. The phony emails usually appear to come from FedEx, notifying the reader that a package is waiting for them and asking them to click a link for more information. Clicking the link is what installs the malware.


The best ways to avoid falling victim to these scams are:
1. End-user education - stay informed about current malware threats, and treat unexpected delivery notices with suspicion
2. Solid email spam filtering
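The spam-filtering defence above can be made concrete. The following is an added example, written in Go with its standard library and not part of the original post, of the check a mail filter can make on a delivery notice: it parses the message, notes which brand the sender claims to be (FedEx here), and flags the sender address and every link whose host does not belong to that brand's domain. It goes slightly beyond the text by also catching look-alike hosts such as fedex.com.tracking-update.ru, where the real brand appears only as a subdomain label. The sample messages, the brand-to-domain table and the function names are constructed for the example.

```go
package main

import (
	"fmt"
	"io"
	"net/mail"
	"net/url"
	"regexp"
	"strings"
)

// Finding is one item the filter flags: the address or URL, its domain, and why.
type Finding struct {
	Value  string
	Host   string
	Reason string
}

// brandDomains lists impersonated brands and the domains their genuine mail
// and links use. Constructed for this example; a real filter carries a
// maintained list. A slice keeps the matching order deterministic.
var brandDomains = []struct {
	Name    string
	Domains []string
}{
	{"fedex", []string{"fedex.com"}},
	{"ups", []string{"ups.com"}},
}

var urlRe = regexp.MustCompile(`https?://[^\s"'<>)]+`)

// hostBelongsTo reports whether host is one of domains or a subdomain of one.
// "fedex.com.tracking-update.ru" does not belong to "fedex.com".
func hostBelongsTo(host string, domains []string) bool {
	host = strings.ToLower(host)
	for _, d := range domains {
		if host == d || strings.HasSuffix(host, "."+d) {
			return true
		}
	}
	return false
}

// CheckMessage parses a raw RFC 5322 message, determines which brand the
// sender claims to be, and flags the sender address and any link whose host
// does not belong to that brand. A message claiming no known brand yields nothing.
func CheckMessage(raw string) (brand string, findings []Finding, err error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return "", nil, err
	}
	from, err := mail.ParseAddress(msg.Header.Get("From"))
	if err != nil {
		return "", nil, err
	}
	claim := strings.ToLower(from.Name + " " + from.Address)
	var domains []string
	for _, b := range brandDomains {
		if strings.Contains(claim, b.Name) {
			brand, domains = b.Name, b.Domains
			break
		}
	}
	if brand == "" {
		return "", nil, nil
	}
	if at := strings.LastIndex(from.Address, "@"); at >= 0 && !hostBelongsTo(from.Address[at+1:], domains) {
		findings = append(findings, Finding{Value: from.Address, Host: from.Address[at+1:], Reason: "sender domain does not belong to " + brand})
	}
	body, err := io.ReadAll(msg.Body)
	if err != nil {
		return brand, findings, err
	}
	for _, link := range urlRe.FindAllString(string(body), -1) {
		u, perr := url.Parse(link)
		if perr != nil || u.Hostname() == "" {
			findings = append(findings, Finding{Value: link, Reason: "link could not be parsed"})
			continue
		}
		if !hostBelongsTo(u.Hostname(), domains) {
			findings = append(findings, Finding{Value: link, Host: u.Hostname(), Reason: "link host does not belong to " + brand})
		}
	}
	return brand, findings, nil
}

// PhishSample is a constructed delivery-notice lure of the kind described in the post.
const PhishSample = "From: \"FedEx Shipping\" <tracking@fedex-delivery-notice.net>\r\n" +
	"To: someone@example.com\r\nSubject: Package could not be delivered\r\n\r\n" +
	"Your package is waiting. Review the shipment details here:\r\n" +
	"http://fedex.com.tracking-update.ru/label.php?id=83920\r\n" +
	"Help: https://www.fedex.com/en-us/customer-support.html\r\n"

// CleanSample is a constructed message whose sender and link both belong to the brand.
const CleanSample = "From: \"FedEx\" <noreply@fedex.com>\r\nTo: someone@example.com\r\n" +
	"Subject: Your shipment\r\n\r\nTrack it at https://www.fedex.com/fedextrack/?trknbr=123456789012\r\n"

func main() {
	for _, raw := range []string{PhishSample, CleanSample} {
		brand, findings, err := CheckMessage(raw)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("claims %q: %d finding(s)\n", brand, len(findings))
		for _, f := range findings {
			fmt.Printf("  %-55s %s\n", f.Value, f.Reason)
		}
	}
}
```

On the lure, both the sender domain and the tracking link are flagged while the genuine support link passes; on the clean message nothing is flagged. A production filter would add the rest of the usual signals (SPF/DKIM results, attachment types, URL reputation), but the brand-versus-domain mismatch alone catches the FedEx lure described above.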

Public email services from Microsoft (Hotmail) or Google (Gmail) are generally good at eliminating these threats through reputation and behavior tracking technology. Private, domain-based mail accounts generally don't have aggressive enough spam filtration to eliminate the majority of these threats. If you would like to improve your current spam filtration solution or have the current system evaluated, please contact us to discuss in detail.

If you have a private, domain-based mail account, contact us for information on our email spam filtration service and antivirus protection software. Coverage for your PC and email starts at just $2.99/month.

(215) 634-2997
