CryptoLocker: Evil Never Dies, It Just Evolves
- Tags: CryptoLocker
One of the earliest ransomware families to reach a mass audience, CryptoLocker is still the reference point for malware that encrypts user data and demands payment. It first appeared in September 2013 and quickly became the poster child for this class of threat. Each victim's files were locked under a 2048-bit RSA key pair whose private half never left the attackers' command servers, so the files could not be recovered by attacking the cryptography. Even after those servers were taken down in 2014 by a multinational law-enforcement operation led by the FBI (Operation Tovar), the takedown itself recovered no data: decryption only became possible for victims whose private keys were later pulled from the seized key database, and everyone else stayed locked out.
Outbreak of Evil
CryptoLocker was notorious for arriving in genuine-looking emails that often imitated a government agency, a bank or a courier company. The malware itself travelled in a ZIP attachment that the victim was urged to open. Inside was an executable carrying a document icon and a double extension such as .pdf.exe; because Windows hides known file extensions by default, the file displayed as a harmless-looking .pdf. Once the user ran it, the trojan copied itself into the user's profile, added a Run entry in the registry so it started again at every logon, and kept a second copy so that deleting one instance did not remove it.
Once it has taken root, the trojan contacts its command server, which generates an RSA key pair for that victim and sends back only the public key. Each file is then encrypted with AES under a fresh random key generated on the victim's machine; that AES key is wrapped with the RSA public key and written into the encrypted file, and the original is overwritten with the encrypted copy. The only thing that can unwrap those AES keys is the RSA private key, which stays on the attackers' server and is never written to the victim's disk. The public key found on the infected machine is useless for decryption, which is why searching memory or disk for it recovers nothing.
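The key handling described above, as an added example that is not CryptoLocker's code. It uses textbook RSA with small primes and an HMAC-SHA256 keystream in place of AES (both deliberately weak stand-ins, so this is a model of the key structure, not a usable cipher). What it shows is the property the paragraph relies on: each file gets its own random key, that key is wrapped with the public key, and the public key cannot unwrap it again. The key size, the wrap format and the sample plaintext are all assumptions made for the demonstration.

```python
"""Toy model of per-file symmetric keys wrapped with an RSA public key.

Added example. Textbook RSA and an HMAC keystream are used so it runs with
the standard library only; neither is a real cipher.
"""
import hashlib
import hmac
import os
import random
import secrets


def _is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin test; adequate for a toy key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def rsa_keypair(bits: int = 160):
    """Textbook RSA. n must exceed 2**128 so a 16-byte file key fits in one block
    (assumed toy size; real CryptoLocker keys were 2048-bit)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES-CTR: HMAC-SHA256 counter keystream XORed with data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        stream = hmac.new(key, counter, hashlib.sha256).digest()
        out.extend(b ^ s for b, s in zip(data[offset:offset + 32], stream))
    return bytes(out)


def encrypt_file(plaintext: bytes, public_key) -> tuple[bytes, bytes]:
    """Per-file step: fresh random key, wrapped with the public key only."""
    n, e = public_key
    file_key = os.urandom(16)
    wrapped = pow(int.from_bytes(file_key, "big"), e, n).to_bytes(32, "big")
    return wrapped, _keystream_xor(file_key, plaintext)


def decrypt_file(wrapped_key: bytes, ciphertext: bytes, private_key) -> bytes:
    """Only the holder of the private exponent can unwrap the file key."""
    n, d = private_key
    file_key = pow(int.from_bytes(wrapped_key, "big"), d, n).to_bytes(16, "big")
    return _keystream_xor(file_key, ciphertext)


def public_key_recovers(wrapped_key: bytes, ciphertext: bytes, public_key, plaintext: bytes) -> bool:
    """Treat the public key as if it were the private one; this gets nowhere."""
    try:
        return decrypt_file(wrapped_key, ciphertext, public_key) == plaintext
    except OverflowError:  # the 'recovered' integer does not even fit in 16 bytes
        return False


if __name__ == "__main__":
    pub, priv = rsa_keypair()
    sample = b"constructed sample document content " * 4
    wrapped, ct = encrypt_file(sample, pub)
    print("round trip with private key:", decrypt_file(wrapped, ct, priv) == sample)
    print("public key recovers file:", public_key_recovers(wrapped, ct, pub, sample))
```

The split matters for incident response: dumping the victim's memory yields the public key and, for files still being written, perhaps a transient AES key, but never the private key that unwraps the rest.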
What Can It Infect?
Thankfully, the trojan does not encrypt every file it comes across. It carries a list of target extensions in its binary, mostly documents, spreadsheets, images and other non-executable user files, and leaves the rest alone, which is why the system keeps booting and the ransom note can still be displayed. It records the path of every file it encrypts in the registry (under HKCU\Software\CryptoLocker\Files), and that list is what it later shows the victim as proof of what has been taken.
Once the target list is exhausted, the ransom note appears and demands payment to get the data back. The note shows a countdown, typically 72 hours, after which the private key is said to be deleted from the server, leaving the data unrecoverable. The note also offered several payment routes (Bitcoin and prepaid voucher services such as MoneyPak and Ukash) with a conversion table, and some of those options were priced higher than others.
Fortunately, CryptoLocker is one of the few ransomware families whose infrastructure was actually dismantled by law enforcement. Breaking its encryption is still not feasible, so the practical defence is to avoid infection and to be able to restore without paying:
- Do not open attachments in unexpected or suspicious emails, however official the message looks.
- Back up your data; a restorable backup is the only reliable way to get files back without paying. Use a backup tool such as Ransomware Protector, and keep at least one copy offline or otherwise unreachable from the infected machine, since CryptoLocker also encrypted files on mapped network drives.
- Turn on the display of file extensions in Windows Explorer so that a file named invoice.pdf.exe shows its real extension instead of posing as a PDF.
- Do not pay. Ransom payments are what keep this a profitable business.
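The extension trick described in the outbreak section, and the "show extensions" advice above, as an added example (not from the original article): a check a mail gateway or a help desk script could apply to an attachment before a user sees it. It reconstructs what Explorer displays when known extensions are hidden, compares that with what Windows would actually execute, and also flags the Unicode right-to-left override trick that produces the same visual effect by other means. The extension lists, the sample archive and its member names are constructed for the demonstration; the archive contents are placeholder bytes, not malware.

```python
"""Flag archive members whose displayed name hides an executable extension.

Added example. The extension sets are illustrative, not exhaustive.
"""
import io
import zipfile
from pathlib import PureWindowsPath

# Extensions Windows runs on double-click (assumed, illustrative list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".jse", ".vbs", ".wsf", ".hta"}
# Document-style extensions used as the visible decoy in a double extension.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt",
              ".jpg", ".png", ".zip"}
RTL_OVERRIDE = "\u202e"  # renders the following characters reversed


def displayed_name(filename: str, hide_known_extensions: bool = True) -> str:
    """What Explorer shows. Only the final extension is stripped, so the decoy
    part of a double extension stays visible: invoice.pdf.exe -> invoice.pdf."""
    p = PureWindowsPath(filename)
    if hide_known_extensions and p.suffix:
        return p.stem
    return p.name


def classify_attachment(filename: str) -> str:
    """Return 'ok', 'executable', 'spoofed-extension' or 'rtl-override'."""
    if RTL_OVERRIDE in filename:
        # 'invoice\u202efdp.exe' displays as 'invoiceexe.pdf' but is an .exe
        return "rtl-override"
    p = PureWindowsPath(filename)
    if p.suffix.lower() not in EXECUTABLE_EXTS:
        return "ok"
    decoy_ext = PureWindowsPath(displayed_name(filename)).suffix.lower()
    if decoy_ext in DECOY_EXTS:
        return "spoofed-extension"
    return "executable"  # a bare executable in a mail attachment is still worth blocking


def suspicious_members(zip_bytes: bytes) -> dict[str, str]:
    """Scan an in-memory ZIP attachment; map each flagged member to its verdict."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        verdicts = {name: classify_attachment(name) for name in zf.namelist()}
    return {name: v for name, v in verdicts.items() if v != "ok"}


def build_sample_archive() -> bytes:
    """Constructed lure-style archive; member contents are placeholders only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Court_Notice.pdf.exe", b"MZ placeholder, not a real binary")
        zf.writestr("readme.txt", b"plain text member")
        zf.writestr("update.scr", b"MZ placeholder, not a real binary")
    return buf.getvalue()


if __name__ == "__main__":
    for name, verdict in suspicious_members(build_sample_archive()).items():
        print(f"{name!r} shown as {displayed_name(name)!r}: {verdict}")
```

On the endpoint, the Explorer setting this check models is the HideFileExt value under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced; setting it to 0 makes the full name visible. Doing that does not stop the RTL-override variant, which is why the script flags it separately.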