Symantec published a useful Q&A about the Cryptolocker virus; you can read it below.
Cybercriminals are constantly looking for ways to evolve their malware. Evolution is the key to survival because antivirus research, analysis, countermeasures, and public awareness thwart the efficacy of malware and its spread. During the past year, ransomware has received a lot of news coverage, which has decreased the number of uninformed victims and lowered the impact and effectiveness of the malware, along with the return to the criminals. Even so, we have recently had 5 clients who were affected.
This threat is pervasive and preys on a victim’s biggest fear: losing their valuable data. Unlike earlier Ransomware that locked operating systems and left data files alone and usually recoverable, Cryptolocker makes extortion of victims more effective because there is no way to retrieve locked files without the attacker’s private key.
The following Q&A outlines protection against this malware:
Q: When was this threat discovered?
In September 2013 the Cryptolocker threat began to be seen in the wild.
Q: What is the severity of this Cryptolocker threat?
The severity is high. If files are encrypted by Cryptolocker and you do not have a backup of the file, it is likely that the file is lost. Always remember to make a backup of your Sybiz Data regularly.
Q: How do I know I have been infected by Cryptolocker?
Once infected, you will typically be presented on screen with a ransom demand.
Q: How does a victim get infected?
Victims receive a spam email that uses social engineering tactics to entice them into opening an attached zip file.
If victims open the zip file attached to the email, they will find an executable file disguised to look like an invoice report or some other similar social engineering ploy, depending on the email theme. From here the machine is infected very quickly, and the whole network can be infected within minutes.
Q: How sophisticated is this threat?
While the Cryptolocker campaign uses the common technique of spam email and social engineering to infect victims, the threat itself also uses more advanced techniques. It employs public-key cryptography using strong RSA 1024 or 2048 encryption. Once files are encrypted, the victim will not be able to decrypt them without the private key, which is held on the attacker’s server.
If you could try 1000 combinations a second, it would still take 1.7182 x 10^2629 years to decrypt. That is a mind-boggling amount of time – longer than the universe has existed, several times over.
Q: How prevalent is the threat?
Symantec analysis of this threat shows that the threat is prevalent in the United States at present. While the numbers being reported are low, the severity of the attack is still considerable for victims.
Q: Should I pay the ransom?
No. You should never pay a ransom. Payment to cybercriminals only encourages more malware campaigns. There is no guarantee that payment will lead to the decryption of your files.
Q: Who is behind the Cryptolocker malware?
Investigations into the cybercriminals behind the Cryptolocker malware are ongoing.
Q: Is there any advice on how to recover files affected by this attack?
Yes. Contact your IT provider or AlphaBiz Solutions for help. Having regular and up-to-date backups is critical.
Q: Any advice on how to not become a victim?
Yes. First, follow information security best practices and always back up your files every day; in some instances, multiple times per day may be advisable. Your IT provider should be keeping systems up to date with the latest virus definitions and software patches. Also, refrain from opening any suspicious unsolicited emails.
If you need any more information or help, or would like us to check an email you are unsure of, please call AlphaBiz Solutions on 08 9277 2226.