CryptoLocker ransomware gives an unfair ultimatum

Tagged as: cryptolocker culture

Blackmail is the primary focus of the criminals who run ransomware campaigns. The instruments they leverage are computer applications coded specifically to lock away one's personal files and then sell a service to restore them. In the meantime, the bad guys stay anonymous all the way through the virus deployment lifecycle, because they demand payment in a digital currency that shields their identity and use a Tor connection to their command and control server. The malware called CryptoLocker exemplifies these ill practices to the fullest.

This ransomware applies strong crypto (RSA-2048 or AES) to encrypt the victim's files. To determine which objects on a PC count as personal files, CryptoLocker scans every drive that is mapped to a letter, removable drives included, and looks for items with popular extensions such as .doc, .pdf, .xls and so on. As mentioned, all detected files are automatically encrypted and thus become inaccessible to any regular software. The malware also displays a warning screen that explains what happened and instructs the victim on what is expected of them. More specifically, the user is told to submit a payment in Bitcoins, otherwise the data will be lost beyond recovery. If the ransom isn't paid on time, that is, within 72 hours, it doubles.
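The scan-and-encrypt behaviour just described (many document files rewritten in quick succession across every drive letter, removable drives included) is also something a defender can watch for. The following is an added example, not code from the original post: a small Python heuristic run over constructed file-write events. The event format, the process name "cryptolocker.exe", the extension list and the thresholds are all assumptions made for the example.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions the post names as CryptoLocker's targets (".doc, .pdf, .xls and so on").
# This set is an assumption for the example and should be tuned per environment.
TARGET_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx"}

# Constructed sample of file-write events, "timestamp|process|path".
# "cryptolocker.exe" is a placeholder process name, not a real indicator.
SAMPLE_EVENTS = """\
2013-10-12T09:00:01|winword.exe|C:\\Users\\ann\\report.docx
2013-10-12T09:00:05|cryptolocker.exe|C:\\Users\\ann\\budget.xls
2013-10-12T09:00:06|cryptolocker.exe|C:\\Users\\ann\\thesis.pdf
2013-10-12T09:00:06|cryptolocker.exe|C:\\Users\\ann\\letter.doc
2013-10-12T09:00:08|cryptolocker.exe|E:\\backup\\photos.pdf
2013-10-12T09:00:09|cryptolocker.exe|E:\\backup\\invoice.xls
2013-10-12T09:00:10|cryptolocker.exe|E:\\backup\\notes.doc
2013-10-12T09:02:30|explorer.exe|D:\\tmp\\setup.exe""".splitlines()


def parse_event(line):
    ts, proc, path = line.split("|", 2)
    return datetime.fromisoformat(ts), proc.lower(), path


def detect_mass_encryption(lines, window_seconds=60, min_files=5, min_drives=2):
    """Flag any process that writes many target-extension files spread over several
    drive letters inside a short window (the spread pattern the post describes).
    Returns a list of (process, file_count, sorted_drive_letters) tuples."""
    by_proc = defaultdict(list)
    for ts, proc, path in map(parse_event, lines):
        if ntpath.splitext(path)[1].lower() in TARGET_EXTS:
            by_proc[proc].append((ts, path))
    window = timedelta(seconds=window_seconds)
    alerts = []
    for proc, hits in by_proc.items():
        hits.sort()
        best, start = None, 0
        for end in range(len(hits)):            # sliding window over sorted events
            while hits[end][0] - hits[start][0] > window:
                start += 1
            files = {p for _, p in hits[start:end + 1]}
            drives = {ntpath.splitdrive(p)[0].upper() for p in files}
            if len(files) >= min_files and len(drives) >= min_drives:
                if best is None or len(files) > best[0]:
                    best = (len(files), sorted(drives))
        if best:
            alerts.append((proc, best[0], best[1]))
    return alerts
```

Real deployments would feed this from an EDR or Sysmon file-event stream and pair it with canary files; the thresholds here are only illustrative.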

Is it easy to avoid this infection? The answer is closer to No than to Yes. The hurdle in terms of prevention is that CryptoLocker is often distributed by exploit kits, powerful tools that use security holes in unpatched software to infect computers. Unsuspecting users can catch this digital malady on a site that looks perfectly safe and harmless but hosts the exploit kit or redirects to another malicious page that does. The attack itself is pulled off inconspicuously.

Even though paying the ransom reportedly gets users their encrypted files back, it's hard to call that a good or smart idea. Some workarounds, such as restoring from Volume Shadow Copies or using file recovery applets, can do the trick and upset the attackers' plans.
