
Tips to avoid being bit by CryptoLocker (and what to do if you are)

Kim Crawley | Dec. 4, 2013
InfoSec Institute's Kim Crawley details CryptoLocker, the latest in scareware, and offers suggestions for avoiding infection.

Rogue AVs have been called "scareware" in recent years. Well now, there's a new type of scareware in town!

Introducing the very first rogue cryptography program, CryptoLocker! People discovered CryptoLocker on PCs running Windows XP, Vista, 7, and 8 in September 2013. CryptoLocker doesn't lie quite as much as rogue AVs do. A rogue AV will typically "discover" thousands of malware items on your PC that don't actually exist, then announce, "You must pay $19.99 for Antivirus Protector 2013 to protect your PC!" when "Antivirus Protector 2013" is itself the actual malware. CryptoLocker largely does exactly what it says it will do. It will gradually encrypt files and folders on your PC, without giving the user any means of decrypting them. If the infected PC is a client in a local network that shares files and folders, such as a library or office PC, the shared resources will be encrypted first.

CryptoLocker will keep on encrypting files until you can't use your favorite applications and documents. Eventually, Windows won't even work properly, because essential OS files, such as dynamic link libraries, will be encrypted. And it doesn't matter if you're using an admin account.

The solution, according to the CryptoLocker GUI, is to pay two Bitcoins to the makers of the program. For the uninitiated, Bitcoin is a digital currency that was founded in 2009. When I first checked Bitcoin exchanges in 2011, a Bitcoin was about $5.00 Canadian or $7.00 American. As of this writing in November 2013, a Bitcoin trades for $306.00 American or $323.00 Canadian, so it's a highly volatile currency and it may be continually rising in value. Oh, if only I bought Bitcoins in 2011! I don't think I could afford them now.

If you want to buy Bitcoins yourself, do note that they're perfectly legal to buy and use. Some mainstream banks will sell them to you, or alternatively, you could buy them online via PayPal or a credit card. The only element of illegality is that, because they aren't easily traceable like other methods of payment, they're popular for buying illegal things. For example, the Silk Road was a popular eBay-like store for illegal drugs that existed only through the Tor network, under the .onion top-level domain. I never bought anything there, but I took a look at the site for curiosity's sake. It was shut down by authorities as recently as a couple of months ago, and the only currency allowed there was Bitcoins.

Now, the makers of CryptoLocker are using the currency. I imagine at this point, too many makers of rogue AVs have been caught by credit card companies, so the CryptoLocker folks have realized that Bitcoins are safer. Bitcoins can be bought with any major currency worldwide, but note that two Bitcoins are now over $600.00 in American or Canadian currency. Ouch!

 
