Archive for December 2013 | Monthly archive page

Protect yourself from CryptoLocker

Over the years the nature of computer viruses has seen a change in focus. When the earliest reported example, Creeper, first appeared back in 1971 its sole purpose was to gain access to a system and display the message ‘I’m the Creeper, catch me if you can!’. Now, with so much valuable information about us stored on our computers and web services, something far darker has emerged. Ransomware is a new class of virus / trojan horse that has begun to appear on PCs in the last few years, and it is something you should be very concerned about.

The principle of Ransomware is simple. Usually it sneaks into a system disguised as an email attachment and, if opened, then proceeds to encrypt the files on your machine. When this has completed the virus deletes itself and tells the user that their data has been taken hostage and will only be released if they pay the demanded ransom for a key. These style of attacks were first reported in Russia back in 2004, with the Gpcode trojan horse. Security analysts at Kapersky labs were able to crack the hold Gpcode had over data by exploiting mistakes the author had made in the code.

Now it’s back and this time the encryption is rock solid.

Cryptolocker

CryptoLocker is the latest Ransomware virus to strike unsuspecting users, and so far it’s proven impossible to crack. What’s more, it doesn’t just take all the data on your hard drive.

“It also searches for files on all drives,” reported Steve Gibson on the Security Now podcast, “and in all folders it can access from your computer: including workgroup files shared by colleagues, resources on company servers, and more. Anything within its reach it encrypts…so if you have hot online backups they’re victims of this. Essentially the more privileged your account is, the worse the overall damage will be.”

When all of this is completed, Cryptolocker puts up its money demand page, complete with options of payment (Bitcoins or MoneyPak), usually for around three hundred Euros. There’s also a badly worded message telling you that your files have been encrypted and that any attempt to remove the software will destroy the only key that could possibly decrypt it. In a James Bond-style moment of drama the authors place a countdown clock, normally set for 72 hours, which immediately begins to tick down to the moment your data will be destroyed forever. Photos, videos, documents, music, pretty much anything at all that is on your hard drive, all gone.

The structure of the virus is such that it’s not actually possible to create a key for the encryption, because the data needed to do so is held only by the originators of the virus.

“The RSA encryption algorithm uses two keys: a public key and a private key.” explains Kapersky lab expert VitalyK on the Securelist website.  “Messages can be encrypted using the public key, but can only be decrypted using the private key. And this is how Gpcode works: it encrypts files on victim machines using the public key which is coded into its body. Once encrypted, files can only be decrypted by someone who has the private key – in this case, the author or the owner of the malicious program.”

The removal of the virus itself is of little use to the victim, and shutting down the server that holds the key will only result in the loss of the decryption tool, plus this is difficult because the servers switch location on a weekly basis. So most people who suffer a CryptoLocker attack are given the simple advice of either paying the ransom or losing the data, but like in any hostage situation you can never guarantee that the criminals will honour their terms.

Such is the increase of the CryptoLocker attacks in the UK that the National Crime Agency released a statement from its Cyber Crime unit in which it warned:

“The emails may be sent out to tens of millions of UK customers, but appear to be targeting small and medium businesses in particular. This spamming event is assessed as a significant risk.”

The complexity and sophistication of a program such as Cryptolocker is in itself an unsettling precedent. It suggests more than a simple bedroom hacker with impressive coding skills and little conscience, but instead has traces of the fast growing underworld of professional cyber criminals.

“Something of this size…is a well organised group.” says Stephen Doherty, Senior Threat Intelligence Analyst at Symantec. “There’d be dedicated segments to this, because its such a large and focussed operation. The distribution of Cryptolocker in recent weeks is as high, or higher, than most trojans you’d see out in the wild.”

The need for resources to actually run the scam is also a clue to size of the proponents.

“There’s a lot of stages to this,” Stephen continues, “to infect so many machines on an ongoing basis, and try to process all the money in the background. You’d want a well organised team behind you.”

How to protect yourself from a Cryptolocker attack

The rise of the interconnected digital world has brought with it problems that previously existed in the physical realms. From chancers who play on the innocence of victims, up to serious organised crime that has money, skills, cruel intentions and the willingness to use them on the unsuspecting public.

Take solace though, that we do have ways to protect ourselves from these evil spectres of the web.

The first, and most obvious, is to regularly run full backups of your valuable data and then remove the drive from your computer, preferably storing it off-site. See also: How to back up your PC and laptop

Another is to create several online backups via free services such as Dropbox, Google Drive, Skydrive, etc., which usually offer versioning – and thus a way to roll back to older versions of your files.

The most important though is to never, ever open a file or link in an email or on a social website unless you’re sure it was deliberately sent by the person themselves. It may seem interesting at the time, but the results could be utterly catastrophic.

This article appeared on PC Advisor

Irish Web Design – Protect yourself from CryptoLocker

Internet ransomware demands cash to unscramble files

Internet ransomware demands cash to unscramble files

cryptolocker
Cryptolocker’s sophisticated use of encryption has made it hard to defeat

Malicious programs that demand a ransom to restore files that they have encrypted are starting to proliferate.

Security company IntelCrawler has discovered malware called Locker that demands $150 (£92) to restore files.

The cyber-thieves behind Locker were trying to emulate the success of CryptoLocker that has racked up thousands of victims this year.

However, IntelCrawler said, flaws in the malicious program suggest it might be easier to defeat than CryptoLocker.

IntelCrawler said it first saw “large-scale distribution” of several different versions of Locker early this month. So far, the malware has managed to snare people across the US, Europe and Russia. It is spread via infected files placed on compromised websites and through booby-trapped files disguised as MP3s.

Unscramble

Analysis by Andrey Komarov, of IntelCrawler, shows that when Locker infects a machine, it deletes files leaving only encrypted copies behind and also drops a small file containing a unique ID number and contact details for Locker’s creators.

The file also warns that no key will be given to any victim who harasses or threatens the malware’s creators.

Those who want to get their data back are encouraged to use the contact details and, once the ransom is paid, each victim gets a key to unscramble files.

However, help could be at hand for anyone hit by Locker, said Mr Komarov, as IntelCrawler had managed to penetrate the network the cyber-thieves were using to monitor victims. This helped the company extract the universal keys used to scramble target files.

“Our researchers are working on the universal decryption software in order to help the victims,” said Mr Komarov.

Irish Web Design – Internet ransomware demands cash to unscramble files

This article is from the BBC News Technology

Visit Us On TwitterVisit Us On FacebookCheck Our Feed