Ransomware

For computer users, a form of malicious code dubbed ransomware can be among the most frightening forms of computer invasion – suddenly, your screen is replaced by a message that appears to be from the police, demanding money, or a message saying your files are lost unless you pay a ransom to unlock them.  One particular form of ransomware, referred to as filecoders, is designed to extort money by encrypting a user’s files and demanding payment to access them. One of the most prevalent examples of this type of malware is called CryptoLocker.

Below are some tips that can help – even if you’ve already fallen victim.

Don’t pay the money.  No police force on Earth will lock your computer and demand money – the message is NOT from the FBI. Do not pay the money. Contact a computer professional instead, if you can’t unlock it yourself. In some cases – especially filecoders – there may be nothing you can do, but an IT professional should be your first stop.

Don’t pirate software, music, or movies.  Pirate sites offering free music, games or films are often infested with malware – but this year, cybercriminals have been “gaming” Google searches to infect wannabe pirates with ransomware. Ordinary Internet searches lead people to such sites – with cybercriminals using “black hat” SEO to push infected sites high up in Google results.

Don’t think that if you get past the lock screen, it’s “gone”.  It is sometimes possible to get “past” the lock screen displayed by some forms of ransomware – but that doesn’t mean you’re safe. Your computer is probably still infected. Either invest in AV software or contact an IT professional for help.

If you are backed up, you’re “immune” to filecoders.  Filecoders rely on one thing – that you keep unique, precious files on your PC. Don’t. You don’t keep family heirlooms in your car – you keep them in a safe. Do the same with your data.  If they have backups, than the malware is merely a nuisance.  So, the importance of doing regular backups should be strongly reiterated.

There are, however, at least two “fortunate points” about this malware: It’s visible, not hidden, and the user knows he’s infected – unlike many other malware types that could be stealing money/data silently (of course, that doesn’t mean that he’s not infected with something else together with the filecoder!)

Try and rescue your files.  Unless you have in-depth knowledge, you should contact an IT professional to help with filecoders – and don’t get your hopes up, as many use strong encryption which is basically impossible to break.  In some cases, when the filecoder uses a weak cipher, or a faulty implementation, or stores the encryption password somewhere to be recovered, it may be possible to decrypt the files.  Unfortunately, in most cases, the attackers have learned to avoid these mistakes and recovering the encrypted files without the encryption key is nearly impossible.

Learn what “backup” means – and choose the right solution for you.  For home users, a simple way to start “backing up” – without delving into complex solutions – is to use cloud services such as Google Drive, Amazon, Dropbox and Flickr to store documents, music, videos and photos. These services offer free versions, and can at least save some of the most personal files on your computer from being devoured by malware.

How Ransomware Works

There are many state of ransomware, these include CryptoWall, TorrentLocker and  CTB-Locker, to name a few.  CTB-Locker is a ransomware variant that encrypts files on a victim’s hard disk before demanding a ransom be paid to decrypt the files.  

The CTB-Locker malicious spam campaign attack vector is an email with a ZIP or a CAB attachment claiming to be a FAX or invoice. These ZIP or CAB containers hold a downloader that are likely new variants of several different families of ransomware. These downloaders are generally a portable executable file type (.EXE, .SCR, .BAT, .PIF, .CMD) and are responsible from downloading the secondary threat, which is an encrypted file that performs the actual encryption routine.