When the CryptoLocker ransomware virus first appeared in September, few IT experts expected it to stick around for so long. But in 2014, the ransomware, which generally appears as a .ZIP, .PDF, or .EXE file attached to an unfamiliar email, is still infecting computers at an alarming rate, according to a Dell SecureWorks analysis. A University of Kent survey released in March revealed that 1 in 30 users have been hit by the virus — and 40% of those had paid the ransom.
Once CryptoLocker infects a machine, it encrypts all accessible files and attempts to extract hundreds or even thousands of dollars in payment to decrypt them. The payment is requested in Bitcoin, a digital currency rising in mainstream visibility but still lurking in the shadows of legitimacy.
Here’s a Bitcoin primer: the open-source, peer-to-peer payment network was introduced in 2009, quickly becoming the chosen currency of the online world’s dark underbelly thanks to the fact that it requires no exchange of notes or tokens between buyer and seller. Instead, buyers request an update to a public transaction log, called a “blockchain,” that is maintained via a decentralized network of Bitcoin “miners” who verify and timestamp payments.
By 2013, Bitcoin was dominating mainstream news stories, thanks to extreme price volatility, US Senate hearings, and China’s decision to heavily regulate the currency. Bitcoin is gaining acceptance among legitimate vendors and merchants, including Virgin Atlantic, OkCupid, and Reddit. And many economists say Bitcoin use could become more widespread due to ease of use and lower transaction fees.
Bitcoin plays a big role in one nasty endeavor, though: the aforementioned CryptoLocker virus. After an initial requirement that affected users pay the ransom in MoneyPak prepaid credit cards, later iterations changed their payment method to Bitcoin. The only problem was that Bitcoin enjoyed a stupendous surge in value around the same time, raising the ransom’s going rate from around $300 per “coin” to, in some cases, over $4,000.
Many IT service providers admitted that computer users who didn’t have sufficient backup and disaster recovery systems like CMIT Guardian probably would have to “pay up” to recover their CryptoLocker-affected files. But security officials deplored the practice, saying it would only encourage Bitcoin’s continued use as ransom. “If even a few victims pay, then the cybercriminals will think they have got a viable business model and keep infecting people and asking for ransoms,” Dmitri Bestuzhev, a spokesman for anti-virus behemoth Kaspersky, told The Guardian in 2013. “If nobody pays, they will stop these campaigns.”
For now, here are 5 steps to avoid CryptoLocker infection:
• Implement regular, remote backups and a sound disaster recovery plan
• Never open ANY attachment from ANY sender you don’t recognize
• Validate ANY link in ANY unfamiliar email before clicking by hovering over it and looking for legitimate IP addresses, not long strings of unrelated characters
• Ensure that solid firewall, anti-virus, anti-spam, and malware programs are in place
• Have a trusted IT professional assess the security of your systems
CryptoLocker is one of the most devastating viruses to appear in recent years. If you want to enjoy unparalleled levels of protection, contact CMIT Solutions and put our backup, disaster recovery, system monitoring, and encryption tools to work for you.