CryptoLocker Trojan

While listening to an episode of the computer security podcast, “Security Now!”, hosted by Leo Laporte and Steve Gibson on the TWiT Netcast Network, I found out about the CryptoLocker trojan, which has been pretty troublesome to those whose computers happen to get infected with it.

CryptoLocker Background:

CryptoLocker is the name of a trojan horse that has surfaced within the last few months. It has been causing problems for those unlucky enough to have had their computers infected with it, because it can encrypt some of the contents of a user’s hard drive, making it virtually impossible for them to access the encrypted data unless they choose to pay a ransom that has been set by the developers of the trojan.

Specifically, the CryptoLocker trojan encrypts the files on the infected hard drive using RSA public-key cryptography, and the only key that can decrypt the data is stored on the servers that control the CryptoLocker trojan. Making matters worse, users must pay in order to have their files decrypted, using payment types such as Bitcoin or a pre-paid voucher, and they must make this payment by a specific deadline. (According to Bitcoincharts.com, the price of a Bitcoin at the time of this posting is around $954.34 US!)

Should a user not make the ransom payment by the set deadline, they may still have the option to get their data unencrypted, but the price will be higher than that which was set before the deadline expired.

Although it is possible to scan for and remove the CryptoLocker trojan itself, removal does not undo the encryption. If the trojan has already activated and encrypted one’s files before it is scanned for and removed, those files will remain encrypted, so a user essentially has no choice but to pay the ransom, unless they have previously backed up their files and can restore them.

Prevention and Dealing with Infection:

Like many computer viruses and other malicious files and programs, it is possible to essentially prevent one’s computer from being infected with programs like CryptoLocker, simply by being security conscious and taking some basic precautions.

Since CryptoLocker can infect computers via an infected ZIP file sent to the user as an e-mail attachment, it is important to be cautious about which e-mails and attachments one opens, especially if they appear to be from an e-mail address that one has never seen before or that looks weird or suspicious.

Many spam e-mails (and those that are infected with viruses and such) may appear as though they are from legitimate sources, such as a school, bank, or even the e-mail provider itself, but looking at the e-mail address that the message was sent from can pretty much give away the fact that the e-mail was sent with malicious intent. This is especially true if the e-mail contains an attachment that is in either .zip or .exe form.
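The attachment check described above can be automated at the mail gateway or on the desktop. The following is an added example, not code from the original post: it flags attachments that are executables or ZIP files containing executables, reading only the archive's file names. The function names, the sample message, and the extension list beyond .exe are assumptions made for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# Extensions treated as executable. Only .exe comes from the post;
# the others are an assumed policy list to extend as needed.
RISKY_EXT = (".exe", ".scr", ".com", ".pif")

def risky_name(name):
    return name.lower().endswith(RISKY_EXT)

def triage_attachments(msg):
    """Return (attachment, reason) findings for one parsed e-mail message."""
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if risky_name(fname):
            findings.append((fname, "executable attachment"))
        # Trust the content, not the extension: a ZIP archive starts with "PK".
        if data[:2] == b"PK" and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for entry in zf.namelist():  # reads names only, extracts nothing
                    if risky_name(entry):
                        findings.append((fname, "ZIP contains executable: " + entry))
    return findings

def build_sample(zip_entries, attach_name):
    """Constructed sample message with one ZIP attachment of harmless dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in zip_entries:
            zf.writestr(entry, b"dummy content")
    msg = EmailMessage()
    msg["From"] = "Your Bank <notice@example.net>"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Statement attached"
    msg.set_content("Please see the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attach_name)
    return msg

if __name__ == "__main__":
    sample = build_sample(["Statement.pdf.exe"], "Statement.zip")
    for finding in triage_attachments(sample):
        print(finding)
```

A name such as `Statement.pdf.exe` is caught because the check looks at the final extension, which is the one the operating system acts on.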

Additionally, one can help to keep their computer from getting infected by a number of viruses and other malicious files or programs by running frequent antivirus, antispyware, and/or antimalware scans. Microsoft Security Essentials is an antivirus program, created by Microsoft, that is available as a free download from the Microsoft website, and can help to prevent, as well as pick up and remove, many viruses and other unwanted or harmful programs and files.

MalwareBytes is a free antimalware program, which has the option to be upgraded to a premium version (though the free version works well), and is another way that users can help to keep their computers free from infection by running frequent scans. MalwareBytes can be downloaded from MalwareBytes.org, where the premium version of the program can also be purchased ($24.95 for a lifetime license for one computer).

Example of Infection:

CryptoLocker actually managed to infect the Swansea, MA police department, forcing them to pay $750 in Bitcoins in order to decrypt the data that the trojan had encrypted.

In an article from the IBTimes.com website, which talks about the aforementioned infection of the Swansea, MA police department, it is stated that “According to the Security experts and the U.S. Computer Emergency Readiness Team urge people afflicted by CryptoLocker not to pay the ransom, but instead report the incident to the FBI’s Internet Crime Complaint Center. Users should regularly back up important files on external hard drives” (Ryan W. Neal).

However, if one happens to have important or necessary files stored on their computer that have not been backed up and have been encrypted by the CryptoLocker trojan, paying the ransom is the only way to get the files back.

This goes to show that even law enforcement agencies are susceptible to their computers becoming infected with viruses and other malicious files and programs, and that everyone should be careful of what is downloaded and allowed on their computers, so as to prevent things like this from happening.

For more information about the CryptoLocker trojan, you should check out this article from Wikipedia, which is where most of the information regarding CryptoLocker in this post was found, along with additional information.
