ALERT: New Virus Demands Ransom For Your Data
A new type of malware is emerging that renders computers unusable until their owners pay a ransom. Worse, the latest example of such ransomware will be sold for as little as twenty-five bucks to anyone who wants easy money. We could be in for a massive wave of cyber-blackmail. Here's what you need to know...
Ransomware Encrypts Data Until You Pay
Ransomware is not a new concept. The so-called “FBI fine” malware has been around for a few years; it displays a message, purportedly from the FBI or other law enforcement agency, accusing the user of a cyber-crime and preventing any use of the machine until the user pays a “fine” electronically. (See my related article Is The FBI Holding Your Computer for Ransom?)
This type of ransomware does not damage a computer; it only locks a user out. But the latest generation of malware now spreading goes further...
The CryptoLocker virus covertly encrypts all user data on Windows computers with the practically unbreakable Blowfish algorithm, a public/private key encryption method. Affected files include the user's Word documents, spreadsheets, PowerPoint presentations, databases, photographs, and emails.
When the encryption process is finished, Cryptolocker displays a message telling the user, “We got ya,” and how to pay a ransom in order to obtain the private key necessary to unlock his/her data.
The scammers will not accept payment via credit card or PayPal, which can be traced to the account owners. They demand payment via anonymous cash services such as Bitcoin or MoneyPak. This makes it harder for authorities to follow the money trail and find the perpetrators.
Cryptolocker was developed and deployed by a small group of cyber-criminals, but it has managed to infect an estimated 250,000 computers since September 2013. It can attack in a variety of ways, including compromised websites, rogue downloads from file sharing services, and phishing emails that purport to be from your bank, FedEx, UPS, or some other well-known business entity.
A Growing Threat
A new, “improved” version of the same despicable idea is being developed for sale to all comers, which could mean thousands of bad guys distributing an even more destructive ransomware package. Powerlocker, as this malware is called, encrypts user data and also prevents the user from doing anything except interact with the ransom payment screen, a combination of Cryptolocker and the FBI ransomware tactics.
To further limit what can be done with an infected machine, PowerLocker disables the Alt-Tab, Windows and Escape keys, and prevents the user from running Task Manager, Registry Editor, MSConfig, and Command Prompt windows.
Powerlocker can also detect whether it is being run in a virtual machine or “sandbox,” an isolated environment in which a program can be run without being able to alter the real system or the user's data. Presumably, this means that Powerlocker will not activate its nasty payload, or will behave in a benign fashion, in these environments. This enables Powerlocker to thwart security researchers attempting to safely study the malware.
A group of volunteer “white hats,” security experts who combat malware as a matter of principle, discovered the plot to create Powerlocker while monitoring hacker forums. The group, known as “Malware Must Die” or MMD, published its findings to warn the security software developers and end users of this new, alarming threat.
I will note that so far, all we have is talk about Powerlocker and plans to sell it for as little as $25. No one has seen the ransomware in action. It could be just a bluff, a troll of the security community. But if it’s real, it could be a very big problem.
Preventing CryptoLocker and Similar Infections
What can you do to protect against this threat and others like it? Just keep doing what I have always advised: keep your operating system and anti-malware applications up to date; avoid suspicious Web sites, emails, and other contacts with the online world “out there”; and use common sense when it comes to installing unknown software or opening email attachments from strangers.
You may see products advertised that claim to protect you from Cryptolocker and related threats. But if you're not careful, you could end up installing a "wolf in sheep's clothing" virus that does just the opposite. The good news is that according to VirusTotal, almost all commonly used anti-virus programs will block Cryptolocker from attacking.
The only thing I'd recommend as an extra layer of protection is a little program called CryptoPrevent, which modifies some Windows settings to prevent infection by Cryptolocker and related malware. Note that there are both Free and Premium versions of CryptoPrevent. For information about the program, see this page. You can also go directly to the download for the free version.
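One class of Windows setting that tools like CryptoPrevent work with is Software Restriction Policy (SRP), which can disallow program execution from user-writable folders such as %AppData%. The script below is an added example, not code from this article or from CryptoPrevent; it only reads the SRP registry keys and reports which of a few assumed folders of interest are covered by a Disallowed rule, so you can audit what is already in place before changing anything.

```powershell
# Added example (not from the article or from CryptoPrevent): read-only audit of
# Software Restriction Policy (SRP) path rules. Assumes the standard SRP registry
# layout (CodeIdentifiers\<level>\Paths\{GUID} with an ItemData value).
$bases = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
)
# Folders a defender would expect a Disallowed rule to cover (assumed list)
$watched = @('%AppData%', '%LocalAppData%', '%Temp%', '%UserProfile%')
$levels  = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }

function Get-SrpPathRules {
    param([string]$Base)
    if (-not (Test-Path $Base)) { return @() }
    foreach ($lvl in Get-ChildItem $Base) {
        $pathsKey = Join-Path $lvl.PSPath 'Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        # The subkey name is the security level; translate known numeric names
        $levelName = $levels[$lvl.PSChildName]
        if (-not $levelName) { $levelName = $lvl.PSChildName }
        foreach ($rule in Get-ChildItem $pathsKey) {
            $data = Get-ItemProperty $rule.PSPath
            [pscustomobject]@{
                Hive  = $Base.Split(':')[0]
                Level = $levelName
                Path  = $data.ItemData
                Desc  = $data.Description
            }
        }
    }
}

$rules = foreach ($b in $bases) { Get-SrpPathRules -Base $b }
$rules | Format-Table -AutoSize

# Report watched folders that no Disallowed rule covers
foreach ($w in $watched) {
    $hit = $rules | Where-Object { $_.Level -eq 'Disallowed' -and $_.Path -like "$w*" }
    if ($hit) { "OK       $w is covered by a Disallowed rule" }
    else      { "MISSING  no Disallowed SRP rule covers $w" }
}
```

Run it in an elevated PowerShell session so the HKLM policy keys are readable; a MISSING line is a prompt to review your policy, not a sign of infection.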
If you do get infected by Cryptolocker, Powerlocker or some other virus that attacks by encrypting your files, should you pay the ransom to regain access to your files? Although I've heard that it does work, my advice is no. Doing so only encourages more cybercrime activity. You can either wipe your hard drive and reinstall, or make sure today that you have a complete backup that enables you to restore everything. See my related article Free Backup Software Options to learn how you can get started with a backup strategy.
This article was posted by Bob Rankin on 14 Jan 2014
Copyright © 2005 - Bob Rankin - All Rights Reserved