Encrypting Your Data Is a Good Thing... Unless Someone Else Has Done It

'Ransomware' Trojans, as the name suggests, are designed to directly extort money from their victims. They may block access to a computer's file system, or encrypt data that's stored on it and then ask for a payment to release the data.
|

Most of the time cybercriminals try to be as stealthy as possible: they rely on the fact that their activities will go unnoticed. Lurking behind false websites, sending emails purporting coming from legitimate sources, even taking to using fraudulent phone calls to try and extract that valuable information are all ways in which cybercriminals hide their true intentions. And the code they install on their victims' computers is designed to show no signs of anything untoward. But their methods are not always so subtle.

'Ransomware' Trojans, as the name suggests, are designed to directly extort money from their victims. They may block access to a computer's file system, or encrypt data that's stored on it and then ask for a payment to release the data.

The modus operandi of such malware varies. Some claim to have found unlicensed software on the victim's computer and demand payment before allowing further access to the computer. Some masquerade as pop-up messages from police agencies that report the presence on the computer of pornography or illegal content and demand a fine. Some involve no subterfuge at all - they simply encrypt data and warn the victim that unless they pay up all data will be erased.

This third method is employed by the cybercriminals behind the Cryptolocker Trojan that Kaspersky Lab analysed in October and which continues to trap new victims.

The data of every victim is encrypted differently, using a unique key that Cryptolocker downloads from its command-and-control (C2) server. And Cryptolocker doesn't just make use of one C2 server, since this would make it vulnerable if the location of that computer were discovered: instead, it selects which server to use from a list of 1,000 unique domain names every day.

The cybercriminals give their victims only three days to pay up - and they reinforce their message with scary wallpaper that warns them that if they don't pay up in time their data will be gone forever. For many victims, paying the requested ransom is an acceptable solution in order to recover their precious files, encouraging cybercriminals to continue with these attacks. People often don't even consider co-operating with law enforcement agencies, preferring to choose the fast and easy way to get their data back, making it harder for these agencies to gather evidence against the criminals.

Moreover, the use of online payment methods makes the process of tracking the people behind the attacks even more difficult and the criminals accept many different forms of payment, including Bitcoin.

This threat is currently very close to home with the most affected countries being the UK and US, distantly followed by India, Canada and Australia.

Removing the malware isn't actually the biggest problem facing victims of Cryptolocker, rather it's the threat to data stored on the computer(s). This is why it's essential for everyone to make regular backups. If you don't have a backup, you might lose all your precious data. If you do, then an inconvenience will not become a disaster.