Dealing with the Cryptolocker virus and its variants

Tuesday 07 June 2016

Ransomware has gone mainstream. Prevention is better than cure, but if it comes to it, here’s how to pay the fees.

A series of recent cases show that ransomware is an increasing problem for all kinds of businesses, organisations and individuals. No one with a computer is immune, and different sectors have been specifically targeted (such as healthcare, government organisations, and gaming to name a few), according to where the perpetrators think the money is.

Ransomware works by encrypting your files, rendering your computer and everything on it useless. To get them decrypted, you’ll need to pay a fee to receive the decryption key. That can cost anything up to several hundred dollars in bitcoin, or via other hard-to-trace and irreversible payment methods - more if you’re a special target, like a hospital.

[Image caption: Make backups and avoid suspicious links and downloads. If you must pay, get your bitcoins from a reputable source.]

CryptoLocker

The first version of this kind of malware appeared in 2013 and was called CryptoLocker. Since then, many other variants have been released, some under the same name - hence the term is used as a kind of catch-all for ransomware. One variant, Petya, has recently been cracked, and you can search the web for details of how to unlock your files, though it’s not an easy task unless you’re pretty tech-savvy. Other variants, such as TorrentLocker, Locky, Samas/Samsa, Maktub Locker and PowerWare, are nastier than CryptoLocker and currently have no solution other than paying. In an odd twist, the makers of TeslaCrypt, a version targeted at gamers, have released the master decryption key and apparently shut up shop. A utility now exists to help affected users recover their files.

Don’t get hit

The best way to address the threat of ransomware is not to get hit in the first place. Typically, computers are infected when users click a malicious link or download a malicious file. These may look perfectly innocuous and respectable, but you can often tell there’s a problem:

  • Hover over the link to check that it really goes where it says it will.
  • Be careful with attachments like .PDFs and .zips, even if they’re from an apparently reputable source. Check the content of the email (does it contain odd errors? It’s my experience that few spammers have good English). Was it sent at an odd time of day? Check back with the sender if you are in any doubt.
  • Make regular backups. If you lost everything, could you replace it? A ransomware attack amounts to the same thing.
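One way to automate the link check in the first bullet, as an added example that is not from the original article: it parses an HTML message body and flags anchors whose visible text names one site but whose href goes to another. The sample message and its hosts are constructed for the demonstration.

```python
# Added example, not from the article: flag links in an HTML email whose
# visible text claims one destination but whose href points elsewhere.
from html.parser import HTMLParser
from urllib.parse import urlparse

def _host(text):
    """Lowercase host of a URL or bare domain; '' if it is not one."""
    text = text.strip()
    if not text or any(c.isspace() for c in text):
        return ""
    if "://" not in text:
        text = "http://" + text
    return urlparse(text).hostname or ""

def _same_site(a, b):
    """True when the hosts match or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html):
    """Return links whose text looks like a domain on a different site."""
    p = _LinkCollector()
    p.feed(html)
    flagged = []
    for href, text in p.links:
        shown = _host(text)
        if "." in shown and not _same_site(_host(href), shown):
            flagged.append((href, text))
    return flagged

# Constructed sample body: the second link is disguised as example.com.
SAMPLE = """<a href="https://www.example.com/invoice">https://www.example.com/invoice</a>
<a href="http://198.51.100.7/dl/inv.zip">https://secure.example.com/invoice.zip</a>
<a href="https://example.com/help">Click here</a>"""
```

Plain-text link labels such as "Click here" are not judged, since the displayed text makes no claim about the destination; only labels that themselves look like a URL or domain are compared against the real href.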

If the worst comes to the worst

If you end up in a position where you have to pay the ransom, take care. If you’re a veteran of the bitcoin space, you’ll know what to do - once you’ve found your way around wallets and exchanges, it’s pretty simple. For newcomers, keep things simple. Use a reputable and popular wallet to store your coins (like blockchain.info for the web, or Mycelium for a smartphone), and a well-established exchange or bitcoin broker. In the US or UK, something like Circle or Coinbase is probably easiest and cheapest; if you’re in Europe, then Bitstamp or a service like Coinimal might suit you better.

If you’re in a hurry, you might want to use an informal service like Localbitcoins or one of its many equivalents. These can be fast and convenient, but the message in these circumstances is: caveat emptor. Look for feedback and reputation, because having been scammed once, you don’t want to compound your losses.
