Ransomware, malware that takes over your computer and holds your files hostage, is nothing new. But its latest incarnation is something that has the FBI and other law enforcement officials worried.
What has galvanized official attention and terrorized some computer users is Cryptolocker, a Trojan that encodes all the files on your computer so that you cannot access them without the key. And the key will cost you. A spokesman for the FBI in Boston says having Cryptolocker on your computer is about the same as having your computer “destroyed.”
Launched with email
It all starts when you receive an email purporting to contain tracking information about a package that is in transit. This time of year millions of consumers are expecting packages.
The email contains a link with instructions to click on it to find out where your package is. However, if you click on the link you launch Cryptolocker and your computer locks up. A screen pops up with instructions to follow, along with a countdown clock. If the clock reaches zero and you have not submitted payment, the program destroys all the files on your computer. Yeah, these guys don't mess around.
According to a report by WBZ-TV, even the Swansea, Mass., Police Department fell victim. The entire department's computer system fell under control of Cryptolocker and it cost the police $750 to get it unlocked.
The security software firm Sophos says Cryptolocker is a worldwide problem and could get much worse in the year ahead. Once a computer is infected, Sophos experts say the Cryptolocker gang demands a payment of about $300 in untraceable bitcoins in exchange for the encryption key to unlock the files. But as in any extortion scheme, there is no guarantee that they will unlock your computer after they have received the ransom.
The danger, says James Lyne, Global Head of Security Research at Sophos, is Cryptolocker's simplicity. It requires no special set of skills and your average non-hacker scammer can easily figure out how to use it. Not only will it become widespread but we could see even more variations of it in the years ahead.
“Cryptolocker is very much a deviation from the norm, and I actually think it is a sign of things to come,” James said in an interview with the BBC.
Security experts at McAfee say Cryptolocker is a significant jump in the threat level from so-called “scareware.” This type of malware flashes a warning that your computer has been infected with a virus and offers to remove it for the small cost of a download.
McAfee says most scareware programs are easily removed and consumers soon learned they didn't have to pay. Cryptolocker, however, significantly raises the bar.
“The encryption method may be known but if the key used is unknown then decryption is, if not actually impossible (the NSA could probably do it), then not feasible for almost everyone who is affected,” McAfee warns on its website. “Cryptolocker is the most recent and most widespread of this class of ransomware, and someone somewhere is raking in the cash as a result. Note that payment for decryption cannot be done using credit cards: you have to make payments using MoneyPak vouchers or BitCoins.”
In the video below, a British security expert purposely infects a computer and walks you through the steps of paying off the extortionists and getting your files back. As you will see, it is not a simple process.
To avoid falling prey to this scam, never click on a link in an email. Easier said than done, perhaps, but that's the unfortunate truth.