
CryptoLocker Ransomware Encrypts Users’ Files


11/08/13

The FBI is aware of a file-encrypting ransomware known as CryptoLocker. Businesses are receiving e-mails with alleged customer complaints containing an attachment that, when opened, appears as a window and is in fact a malware downloader. This downloader then downloads and installs the actual CryptoLocker malware.

The verbiage in the window states that important files have been encrypted using a unique public key generated for the computer. To decrypt the files, you need to obtain the private key. A copy of the private key is located on a remote server that will destroy the key after the specified time shown in the window. The attackers demand a ransom of $300 to be paid in order to decrypt the files.

Unfortunately, once the encryption of the files is complete, decryption is not feasible. To obtain the file-specific Advanced Encryption Standard (AES) key to decrypt a file, you need the private RSA key (RSA is an algorithm for public key cryptography) corresponding to the RSA public key generated for the victim’s system by the command and control server. However, this key never leaves the command and control server, putting it out of reach of everyone except the attacker. The recommended solution is to scrub your hard drive and restore encrypted files from a backup.

As with any virus or malware, the way to avoid it is with safe browsing and e-mail habits. Specifically, in this case, be wary of e-mail from senders you don’t know and never open or download an attachment unless you’re sure you know what it is and that it’s safe. Be especially wary of unexpected e-mail from postal/package services and dispute notifications.

If you have been a victim of an internet scam, please file a complaint at www.ic3.gov. For more information on e-scams, please visit the FBI’s E-Scams and Warnings webpage.