The world of malware is more brutal than ever, and ransomware, as security experts describe it, has turned nasty. One strain, named CryptoLocker, takes hold of a computer, encrypts every file stored on it and locks them with a password. This is similar to what SSL Certificates do on websites, but the problem lies in what happens next. A timer starts running, showing that the user has three days left to pay the ransom or face complete deletion of their important data. Whoever is on the other side of the attack demands three hundred dollars in ransom and tells the victim to transfer the money in Bitcoins to an unidentified account.
“The said attack is transmitted through an e-mail with an encrypted zip file as an attachment.”
The message looks legitimate enough to fool e-mail service providers into thinking it isn’t a scam, so it ends up in the Inbox rather than the spam folder where it belongs. It didn’t just target individuals; it hit an entire company in the IT industry. The person who downloaded the message left it open on his PC, and the presence of CryptoLocker was identified only when the IT staff received a warning about a malicious file. At first, they found that many of the integral files were corrupted and users could not access them.
Multiple employees in the company faced the same issue. Security experts realized this was ransomware and shut down the local network connection to stop it from spreading to the entire network. A red warning message flashed on screen demanding a ransom. A handful of antivirus programs identified the issue, but it was too late.
“The encryptions were as sophisticated as those found in SSL Certificates and based on the 2048-bit RSA cryptographic algorithm, the best of all.”
To bring back the data, one needs a key stored on the server, which will be deleted within 72 hours if the ransom is not paid. This was the content of the message. For the time being, the security experts advised the company staff to comply with the demand, and they got their files restored.
For others, however, the SSL Certificates-style encryption was never reversed; instead, their Bitcoin accounts were targeted as well, and some never received the key the hacker had promised. Those without backups will suffer the most if they face CryptoLocker.