Cryptolocker ransomware has 'infected about 250,000 PCs'

27 December 2013 02:54 am - 0 - {{hitsCtrl.values.hits}}

A A A

A virulent form of ransomware has now infected about quarter of a million Windows computers, according to a report by security researchers.

Cryptolocker scrambles users' data and then demands a fee to unencrypt it alongside a countdown clock.

Dell Secureworks said that the US and UK had been worst affected.

It added that the cyber-criminals responsible were now targeting home internet users after initially focusing on professionals.

The firm has provided a list of net domains that it suspects have been used to spread the code, but warned that more are being generated every day.

Ransomware has existed since at least 1989, but this latest example is particularly problematic because of the way it makes files inaccessible.

"Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses strong third-party certified cryptography offered by Microsoft's CryptoAPI," said the report.

"By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent."

Ransom dilemma

The first versions of Crytpolocker appear to have been posted to the net on 5 September.

Early examples were spread via spam emails that asked the user to click on a Zip-archived extension identified as being a customer complaint about the recipient's organisation.

Later it was distributed via malware attached to emails claiming there had been a problem clearing a cheque. Clicking the associated link downloaded a Trojan horse called Gameover Zeus, which in turn installed Cryptolocker onto the victim's PC.

By mid-December, Dell Secureworks said between 200,000 to 250,000 computers had been infected.

It said of those affected, "a minimum of 0.4%, and very likely many times that" had agreed to the ransom demand, which can currently only be paid in the virtual currencies Bitcoin and MoneyPak.

"Anecdotal reports from victims who elected to pay the ransom indicate that the Cryptolocker threat actors honour payments by instructing infected computers to decrypt files and uninstall the malware," added the security firm.

"According to reports from victims, payments may be accepted within minutes or may take several weeks to process."

However, Trend Micro, another security firm, has warned that giving into the blackmail request only encouraged the further spread of Cryptolocker and other copycat schemes, and said that there was no guarantee of getting the data back.
Safety steps

Dell suggested PCs be blocked from communicating with the hundreds of domains names it had flagged as being linked to the spread of Cryptolocker, and it suggested five further steps the public and businesses could take to protect themselves:

Install software that blocks executable fields and compressed archives before they reach email inboxes
Check permissions assigned to shared network drives to limit the number of people who can make modifications
Regularly back-up data to offline storage such as Blu-ray and DVD-Rom disks. Network-attached drives and cloud storage does not count as Cryptolocker can access and encrypt files stored there
Set each PC's software management tools to prevent Cryptolocker and other suspect programs from accessing certain critical directories
Set the computer's Group Policy Objects to restrict registry keys - databases containing settings - used by Cryptolocker so that the malware is unable to begin the encryption process

(Source : BBC)

Order Gifts and Flowers to Sri Lanka. See Kapruka's top selling online shopping categories such as Toys, Grocery, Kids Toys, Birthday Cakes, Fruits, Chocolates, Clothing and Electronics. Also see Kapruka's unique online services such as Money Remittence,Astrology, Courier/Delivery, Medicine Delivery and over 700 top brands. Also get products from Amazon & Ebay via Kapruka Gloabal Shop into Sri Lanka

Comments - 0

Add comment
Comments will be edited (grammar, spelling and slang) and authorized at the discretion of Daily Mirror online. The website also has the right not to publish selected comments.

Cryptolocker ransomware has 'infected about 250,000 PCs'

Comments - 0

Add comment

RECOMMENDED

UDA owned land in Thalawathugoda; UDA Minister Prasanna Ranatunga under the spotlight for forceful occupation of reserved land

Loss-making SMIB faces political pressure in recovering loans

Baltimore Bridge Collapse: MV Dali, SL authorities anchored in mystery?

Has Sri Lanka become a potential hub for the illegal wildlife trade?

Spotlight on Moragahakanda Development Project Moragolla villagers lose livelihoods and down to one meal a day

Ambitious Sri Lankan jobseekers ‘trafficked into Ukraine war zones’

Western purple-faced langurs see blue!

Most Viewed in News

Sri Lankan among NASA’s new crew for next simulated Mars journey

Confusion remains if April 15 is a bank holiday

Former MP Palitha Thewarapperuma dies from electrocution

23 year old youth ends up having his testicles removed

SL on alert on possible genocide allegations by Canada

Belgian traveller scammed in Kalutara

MIRROR CRICKET

TODAY'S HEADLINES