A new and very dangerous virus, the CryptoLocker ransomware virus, is infecting companies across the United States. Many forms of ransomware have historically been quite successful in extracting payment while holding the victims’ PCs hostage. However, CryptoLocker might be the most effective to date.
This ransomware encrypts certain files using asymmetric encryption. When it has finished encrypting files, it displays a CryptoLocker payment program that prompts users to send a ransom of either $100 or $300 in order to decrypt the files. This screen also displays a timer stating that there are 96 hours, or 4 days, to pay the ransom or it will delete the encryption key and there will be no way to decrypt the files. This ransom must be paid using MoneyPak vouchers or Bitcoins.
According to the article, the virus infects the company’s data when employees check their personal email at work. They receive an email telling them that they have a package to pick up. The employee clicks on the link to get more information about the package, and then the computer gets infected. It quickly spreads through the company’s system looking for specific file extensions such as *.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c.
The virus is “smart” in that it searches for the files that have the most value for the company, like Word documents, spreadsheets and databases, among other files. The next time the company tries to open a file encrypted by the virus, a window will pop up on the screen displaying a CryptoLocker payment message.
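Because the virus rewrites many files with these extensions in a short time, a file server's modification log can reveal an infected workstation early. The sketch below is an added example, not code from the article; the hostnames, paths, 60-second window and threshold of 5 are assumptions chosen for illustration.

```python
import ntpath
from collections import defaultdict, deque

# Extensions from the list above ("img_*.jpg" is already covered by ".jpg").
TARGETED = set("""
odt ods odp odm odc odb doc docx docm wps xls xlsx xlsm xlsb xlk ppt pptx pptm
mdb accdb pst dwg dxf dxg wpd rtf wb2 mdf dbf psd pdd pdf eps ai indd cdr jpg
jpe dng 3fr arw srf sr2 bay crw cr2 dcr kdc erf mef mrw nef nrw orf raf raw rwl
rw2 r3d ptx pef srw x3f der cer crt pem pfx p12 p7b p7c
""".split())

def is_targeted(path):
    """True if the file's extension is on the targeted list (case-insensitive)."""
    ext = ntpath.splitext(path)[1].lower().lstrip(".")
    return ext in TARGETED

def flag_hosts(events, window=60, threshold=5):
    """Return hosts that rewrote >= threshold distinct targeted files within
    any `window`-second span. events: iterable of (epoch_seconds, host, path)."""
    recent = defaultdict(deque)  # host -> (time, path) entries still in the window
    flagged = set()
    for ts, host, path in sorted(events):
        if not is_targeted(path):
            continue
        q = recent[host]
        q.append((ts, path.lower()))
        while q and ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        if len({p for _, p in q}) >= threshold:
            flagged.add(host)
    return flagged

# Constructed sample events (not real telemetry): WS-07 rewrites many documents
# in seconds; WS-12 saves a few files over an hour; WS-03 touches only log files.
SAMPLE_EVENTS = (
    [(1000 + i * 2, "WS-07", rf"\\fs01\finance\report{i}.xlsx") for i in range(6)]
    + [(1000 + i * 1200, "WS-12", rf"\\fs01\hr\memo{i}.docx") for i in range(3)]
    + [(1000 + i, "WS-03", rf"C:\logs\app{i}.log") for i in range(20)]
)

if __name__ == "__main__":
    print(flag_hosts(SAMPLE_EVENTS))  # {'WS-07'}
```

In practice the window and threshold need tuning against normal activity such as backups and bulk saves, which also touch many documents quickly.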
There are at least 3 different variants of this virus. These hackers are making a huge amount of money holding corporate America hostage for their data.