Cryptolocker Malware Holds Computers Ransom for $300

A particularly nasty malware known as Cryptolocker holds computers users’ data for ransom and demands $300 to restore the files.

Cryptolocker

This particular malware is spread in email attachments which claim to be from a legitimate businesses. It may also be spread via drive-by downloads (that is, software installed by simply visiting a malicious link).

Once installed, Cryptolocker “locks” the files on the computer by means of encryption, and the files can only be unlocked using an encryption key. If the user does not pay the $300 ransom in the allotted time, the encryption key is deleted, and the files are essentially lost forever.

Cryptolocker installs itself in the “Documents and settings” folder on Windows computers and scans the hard drive for certain file types to encrypt. One completed, the victim is shown a red warning screen with a ticking clock, displaying the time limit to pay the ransom, which is typically 72 to 100 hours.

The most common method for distributing Cryptolocker is via fake UPS, FedEx, or DHL tracking emails, using attachments disguised as PDF files. (See here and here for examples of such fake emails). Various other types correspondence have been used, but they always include an email attachment.

To prevent being tracked, the hackers behind Cryptolocker demand being paid via anonymous cash forms, such as Bitcoins or Green Dot MoneyPak.

To date, there is no known protection against Cryptolocker once it has been installed and files have been encrypted. Malwarebytes suggests that a System Restore or other recovery methods may restore some files. It also lists file types targeted by Cryptolocker:

3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

International Business Times states that paying the $300 does get a valid key and will restore your files, while some on this forum state that it may not.

Bottom Line

Cryptolocker is a real threat. The best defense against Cryptolocker is to avoid opening unknown email attachments or clicking on links posted on social media websites. It’s also best to keep your data backed up regularly. Some anti-malware apps are designed to prevent malware from being installed before they can cause damage.

• Cryptolocker Ransomware: What You Need To Know (Joshua Cannell, Malware Byters: October 8, 2013)
• CryptoLocker Virus: New Malware Holds Computers For Ransom, Demands $300 Within 100 Hours And Threatens To Encrypt Hard Drive (Ryan W. Neal, International Business Times: October 21, 2013)