Cryptolocker is back in the headlines,
thanks to a coordinated effort to take down the computers and criminals that
run the notorious "ransomware". But what is it? And how can you fight
it?
Cryptolocker is ransomware: malicious software which holds your files to ransom
The software is typically spread
through infected attachments to emails, or as a secondary infection on
computers which are already affected by viruses which offer a back door for
further attacks.
When a computer is infected, it
contacts a central server for the information it needs to activate, and then
begins encrypting files on the infected computer with that information. Once
all the files are encrypted, it posts a message asking for payment to decrypt
the files – and threatens to destroy the information if it doesn't get paid.
The authorities have won users a two-week window of safety
The National Crime Agency (NCA)
announced yesterday that the UK public has got a "unique, two-week
opportunity to rid and safeguard" themselves from Cryptolocker. The agency
didn't go into more detail, but it seems likely that at least one of the
central servers which Cryptolocker speaks to before encrypting files has been
taken down.
The NCA has also taken down the control
system for a related piece of software, known as GameOver Zeus, which provides
criminals with a backdoor into users' computers. That back door is one of the
ways a computer can be infected with Cryptolocker in the first place.
What that means is, until the window is
closed – and the virus cycles to new servers – users who are infected with
Cryptolocker won't lose their files to encryption. As a result, these users
have the chance to remove the virus before it destroys data, using conventional
anti-virus software. In other words, there has never been a better time to
update the protection on your computer.
But watch out – while the servers that
control Cryptolocker are out of action, it's possible to be infected with it
and not know. If you don't keep your computer clean, then at the end of the
two-week period, you could be in for a nasty surprise.
Cryptolocker only infects PCs, but there are other types of ransomware
Cryptolocker is the name of one
particular virus, which only infects Windows PCs running XP, Vista, Windows 7
or Windows 8. So if you use an Apple computer, it can't affect you. Similarly,
smartphones are safe from Cryptolocker.
Although it is the most famous example
of ransomware, it's not the only one. Even in the two-week window, PC users may
be infected with other types of ransomware, and Android and Mac OS users should
carry on with their normal security precautions. Being safe from one type of
malware doesn't mean you're safe from all of them.
If you've been infected by Cryptolocker, your files really are gone unless you have a backup
Some ransomware is little more than a confidence trickster, presenting a message asking for payment without having done anything to the user's files. Cryptolocker isn't like that: the software really does encrypt your files, to a strength which renders it unbreakable even by the fastest computers in the world – even if they had the entire lifetime of the universe to work on it.
That means you'll have to rely on any
backups of your data to get it back. But it's important that you don't try and
restore your data before you clear your computer of the infection, otherwise
you could lose your backup, too.
Sometimes paying the ransom will work, sometimes it won't
Except, of course, there is another
possibility. Some users hit with Cryptolocker report that they really did get
their data back after paying the ransom – which is typically around £300. But
there's no guarantee it will work, because cybercriminals aren't exactly the
most trustworthy group of people.
What's more, if the NCA really is
bringing down the command and control servers, then the criminals may not be
able to return the data, even if the ransom has been paid. There's also a whole
load of viruses which go out of their way to look like Cryptolocker, and which
won't hand back the data if victims pay. Plus, there's the ethical issue:
paying the ransom funds more crime.
This article was originally posted on: