
CryptoLocker encryption virus blocks access to data

Saturday 6 February 2016, 1:56AM

By Primo V.


Cryptolocker ransom note (Credit: Nabz Software)

Encryption has recently become a standard tool of dark-web actors. They develop and distribute software called ransomware, which encrypts the victim's data so that it can no longer be read, withholds the decryption key, and demands payment for it. If the ransom is not paid, the operators destroy the key.

CryptoLocker is among the latest of these ransomware families. The main difference between crypto-malware and ordinary infections is what removal achieves. Removing CryptoLocker does not recover a single encrypted file; worse, removing it also removes the malware's payment interface, so you can no longer buy the decryption key through it. Buying the key should be a last resort, if it is considered at all, but some victims have little choice because the stakes are too high.

Removing a common infection ends the harm it can do; that holds for browser redirectors, keyloggers and fake security products of every kind. Prompt removal is critical in those cases, because the longer the infection stays on the PC, the more damage it causes.

With ransomware like CryptoLocker, the damage is done as soon as it lands. In rare cases a firewall blocks the malware's key exchange with its remote server, which is the only point at which the infection can still be stopped; why the same firewall let the initial intrusion through is usually unclear.

Against that background, how the ransomware is distributed and how it behaves are worth outlining. CryptoLocker is sold on underground forums and in closed communities. Its developers most likely do not spread it themselves; they hand it to affiliates, who return to the developers a share, typically no less than 25 %, of every ransom the victims pay.

The affiliates deliver copies of the ransomware by a variety of methods. Spam email is the most common. Others exploit vulnerabilities in corporate networks and individual machines, and drive-by downloads have also been reported.

Once CryptoLocker lands on a target computer, it installs its components in the background. Security products that are not sufficiently advanced neither detect nor stop the installation.

Once installed, the malware enumerates every drive reachable from the infected machine: local disks, network shares, and mapped cloud storage such as Google Drive. It encrypts whatever data it finds there. A recently reported case illustrates the point: the infection landed on a corporate network whose data was protected by regular backups.

However, the backups were stored on one of the machines inside that same network, with no access restrictions of any kind, so the malware was able to encrypt the backups as well.

Every file the ransomware finds is encrypted. The key needed to decrypt it is sent to the attackers' remote server and is not kept on the infected machine.
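To make concrete why removing the malware does not bring the data back, here is an added example of the envelope-encryption scheme the paragraph describes. It is not the article's code and not CryptoLocker's own; the article does not name any ciphers, so the choice of a fresh AES-256-GCM key per file, wrapped under a 2048-bit RSA-OAEP public key, is an assumption, and it works on an in-memory byte string rather than real files. After `Lock` returns, everything on the victim side is ciphertext plus a wrapped key; only the private key, held on the remote server, unwraps it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// OperatorKeys stands in for the operator's key pair (assumed: RSA-2048 with
// OAEP). Only the public half reaches the victim; the private half does not.
type OperatorKeys struct {
	Public  *rsa.PublicKey
	private *rsa.PrivateKey
}

func NewOperatorKeys() (*OperatorKeys, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &OperatorKeys{Public: &priv.PublicKey, private: priv}, nil
}

// LockedFile is all that remains on the victim's disk after encryption:
// ciphertext plus the per-file key wrapped under the operator's public key.
type LockedFile struct {
	WrappedKey []byte // RSA-OAEP(Public, fileKey)
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM(fileKey, Nonce, plaintext)
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Lock models the victim-side step: a random 256-bit key per file, AES-GCM
// over the contents, the key wrapped to the operator's public key. fileKey is
// a local dropped on return, so nothing left on the machine can reverse this.
func Lock(pub *rsa.PublicKey, plaintext []byte) (*LockedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := gcmFor(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &LockedFile{WrappedKey: wrapped, Nonce: nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Unlock is the operator-side step and the only way back to plaintext. Any
// other key pair fails at the OAEP unwrap, before AES is even reached.
func (k *OperatorKeys) Unlock(lf *LockedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, k.private, lf.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap file key: %w", err)
	}
	gcm, err := gcmFor(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, lf.Nonce, lf.Ciphertext, nil)
}

func main() {
	operator, err := NewOperatorKeys()
	if err != nil {
		panic(err)
	}
	original := []byte("Q3 figures, not backed up anywhere else") // constructed sample
	locked, err := Lock(operator.Public, original)
	if err != nil {
		panic(err)
	}
	stranger, _ := NewOperatorKeys() // a cleanup tool or a guess: the wrong private key
	if _, err := stranger.Unlock(locked); err != nil {
		fmt.Println("without the operator's private key:", err)
	}
	recovered, err := operator.Unlock(locked)
	if err != nil || string(recovered) != string(original) {
		panic("operator unlock failed")
	}
	fmt.Println("with the operator's private key: recovered", len(recovered), "bytes")
}
```

The `stranger` key pair plays the role of anyone who is not the operator: a victim, a cleanup tool, or the malware binary itself after reinstallation. Each of them holds exactly the same on-disk material and none of them can unwrap the file key, which is why deleting the malware changes nothing about the data.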

The ransomware then writes its ransom note, which states the amount, the deadline and the method of payment. Payment is demanded in bitcoin.

To sum up: make regular backups of your data, and keep the copies off the network entirely, so that nothing reachable from an infected machine can write to them.

Avoid downloading unverified content. Even email from trusted contacts should be security-checked, since a sender address is easily forged and the contact's own machine may already be infected.

Last but not least, paying the ransom is exactly what the criminals count on. If you have been unlucky enough to get the ransomware on your PC, try to recover your data first. Decryption without the key is not possible, but built-in system recovery features and third-party file-recovery tools may restore enough of the affected data to make payment unnecessary.

Once the data recovery is finished, do not forget to remove CryptoLocker from the machine.