CryptoLocker ransomware virus

A new and very dangerous virus, the CryptoLocker ransomware virus, is infecting companies across the United States. Many forms of ransomware have historically been quite successful in extracting payment while holding the victims' PCs hostage. However, CryptoLocker might be the most effective to date.

This ransomware encrypts certain files using asymmetric encryption. When it has finished encrypting files, it displays a CryptoLocker payment program that prompts users to send a ransom of either $100 or $300 in order to decrypt the files. This screen also displays a timer stating that there are 96 hours, or 4 days, to pay the ransom; after that it will delete the encryption key and there will be no way to decrypt the files. The ransom must be paid using MoneyPak vouchers or Bitcoins.

According to the article, the virus infects the company's data when employees check their personal email at work. They receive an email telling them that they have a package to pick up. The employee clicks on the link to get more information about the package, and the computer gets infected. It then quickly spreads through the company's systems looking for specific file extensions such as *.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c.

The virus is "smart" in that it searches for the files that have the most value for the company, such as Word documents, spreadsheets and databases, among other files. The next time someone at the company tries to open a file encrypted by the virus, a window pops up on the screen displaying the CryptoLocker payment message.
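Because the virus rewrites documents of known extensions with ciphertext, a defender can plant canary files of those same types, baseline their hashes, and alert when one changes and its contents suddenly look random. The following is an added example (not code from the original post or from any referenced article); the extension subset, the 7.5 bits/byte threshold, and the constructed temporary directory are all assumptions for illustration.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path

# Subset of the extensions the post lists as CryptoLocker targets (assumption: a sample).
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".pst", ".pem", ".pfx"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext sits near 8.0, plain office documents well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def baseline(root: Path) -> dict:
    """Record the SHA-256 of every targeted-extension file under root (the canary set)."""
    return {p: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file() and p.suffix.lower() in TARGETED}


def find_tampered(root: Path, known: dict, entropy_threshold: float = 7.5) -> list:
    """Return canary files whose hash changed AND whose content now looks random.
    Caveat: already-compressed formats (.jpg, .pdf) have high entropy even when
    intact, so the hash change is the primary signal and entropy only filters
    ordinary user edits of low-entropy documents."""
    hits = []
    for p, digest in known.items():
        if not p.exists():
            continue  # deletion of a canary is a separate signal worth alerting on
        data = p.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest and shannon_entropy(data) > entropy_threshold:
            hits.append(p.name)
    return sorted(hits)


def demo() -> list:
    """Constructed scenario: plant canaries, then simulate one being encrypted."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "budget.xlsx").write_bytes(b"plain spreadsheet text " * 200)
        (root / "contract.docx").write_bytes(b"lorem ipsum dolor sit amet " * 100)
        (root / "notes.txt").write_bytes(b"not a targeted extension")
        known = baseline(root)
        (root / "budget.xlsx").write_bytes(os.urandom(4096))            # simulated ciphertext
        (root / "contract.docx").write_bytes(b"edited by a user " * 120)  # legitimate edit
        return find_tampered(root, known)
```

In a real deployment the canaries would live in shares the ransomware walks first, and the check would run on a short schedule so an alert fires well inside the 96-hour window.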

There are at least 3 different variants of this virus. These hackers are making a huge amount of money holding corporate America hostage for its data.

Resources
http://www.kctv5.com/story/23853533/new-cryptolocker-ransomware-virus-attacking-us-companies
http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/
http://krebsonsecurity.com/2013/11/how-to-avoid-cryptolocker-ransomware/

6 thoughts on “CryptoLocker ransomware virus”

  1. Doubly dangerous seeing that many of the methods to purchase Bitcoins are questionable in their own regard. I’m sure the hackers provide you with a worthwhile link to a reputable bitcoin dealer though.

  2. The fact that the article points out that “Any attempt to remove or damage this software will lead to the immediate destruction of the private key by the server.” is definitely something noteworthy and alarming. I wonder how many companies have been attacked and whether preventative measures against this type of attack are taking place.

  3. My friend has gotten the FBI ransomware. It’s some pretty scary stuff, especially when you see the big Federal Bureau of Investigation seal. He thought he was going to get arrested, but I told him something is not right, because they wouldn’t let you know that they are watching. They would just catch you.

  4. Ransomware is really the scary one. Getting remotely locked out of your own data is probably a terrible experience to have. I wonder if ransomware is that common though. It’s definitely a trend that will last if it turns out profitable for criminals.

  5. I think it’s unbelievable how this ransomware is able to locate the files that hold the most value to the company. The time constraints on payment that this infection claims gives users very few options, if any, to deal with the issue without paying. Unfortunately, when it comes down to the possibility of one’s important files being inaccessible, he or she is basically forced into paying the ransom fee. However, I wonder if the virus will truly delete the encryption key after four days, or if that threat is in place simply to scare infected users.