The FBI is alerting PC owners of a new kind of “ransomware” called CryptoLocker. Ransomware is a type a type of malicious software designed to block access to a computer system until a sum of money is paid. CryptoLocker encrypts your files and holds them hostage until you pay a ransom of several hundred dollars, typically within three days.
This software is being spread through email and by what is known as “drive-by downloads.” These types of downloads happen when a computer user is just “driving by” and views a compromised web page or an email message that links to a website. In most cases, users are not aware of these downloads. The FBI reports some businesses have been infected by CryptoLocker after opening an email that appeared to contain customer complaints.
Unfortunately, once your files are encrypted, you can’t decrypt them. Why? Because you need a special type of key that is never leaves the attacker’s command and control server. And of course, as with any hostage situation, even if you pay the ransom there is no guarantee you will actually receive the key.
If your computer is infected, the only way to recover your files is to scrub you hard drive and restore your encrypted files from a backup.
How to avoid malware and ransomware:
1. Don’t open emails from people you don’t know. Also, be careful before opening any attachments—if they look suspicious, don’t take the risk.
2. Surf carefully and visit sites you know are reputable. Sites can be spoofed and could result in a “drive-by download.”
3. Make sure your anti-virus protection is up to date. Consider subscribing to an Internet security service so your computer will always have the most current updates in place. If you’re not sure your anti-virus software is up to date, F-Secure offers a free health check so you can find out whether your computer is protected.
4. Back up your computer regularly. If you have to recover files corrupted by a virus, you can do it easily if you have a backup. TDS recommends an automatic backup service so your files are sure to be safe, secure, and current.
For more information, the Milwaukee Journal Sentinel has a good summary.
If you have been a victim of an internet scam, please file a complaint at www.ic3.gov.