
Monetizing Malware With Cryptolocker

In the "Good Old Days" of computing, when it was really starting to become popular, computer viruses would often be destructive or at least have a high nuisance value. In more recent years the goal has often been a bit more subtle: infect the computer in a manner that may not immediately draw the user's attention, while all the time either stealing personal information or serving up bogus search results to get clicks and make money that way. And that's the name of the game; once it became apparent that there were ways to monetize malware, the involvement of organized gangs upped the ante and the sophistication of the attacks. Most recently, we have ransomware, such as Cryptolocker.

Cryptolocker malware is very upfront about the motive behind it; this type of malware quietly encrypts (scrambles) your PC data, making it inaccessible to you or anyone else, and demands that you pay cash to get an unlock code to get your data back. In this regard, it is more properly termed "ransomware". 

The encryption affects local data, mapped drives, attached USB devices and, in some cases, cloud drives. The best "fix" for this is to wipe your PC and restore from backup, but many home users either don't have the backups in the first place, or are so upset by the whole thing that they just take the PC to the big box store they bought it from and have them handle it (at a significant cost).

In the UK, where Cryptolocker infections are quite prevalent at the moment, about 2 in 5 of those infected actually pay the "ransom", typically around $500!

From the US CERT site:
The malware has the ability to find and encrypt files located within shared network drives, USB drives, external hard drives, network file shares and even some cloud storage drives.  If one computer on a network becomes infected, mapped network drives could also become infected. CryptoLocker then connects to the attackers’ command and control (C2) server to deposit the asymmetric private encryption key out of the victim’s reach.
Victim files are encrypted using asymmetric encryption. Asymmetric encryption uses two different keys for encrypting and decrypting messages. Asymmetric encryption is a more secure form of encryption as only one party is aware of the private key, while both sides know the public key.
While victims are told they have three days to pay the attacker through a third-party payment method (MoneyPak, Bitcoin), some victims have claimed online that they paid the attackers and did not receive the promised decryption key.  US-CERT and DHS encourage users and administrators experiencing a ransomware infection to report the incident to the FBI at the Internet Crime Complaint Center (IC3).
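The behaviour described above, many files across local folders, USB and mapped drives being rewritten with scrambled content in a short burst, is something a defender can look for. The following is an added illustration, not code from the original post or from US-CERT: it scans a constructed list of file-write events and flags any process that rewrites many files, in several directories, within a short window, where the written bytes look random (high Shannon entropy, as encrypted data does). The event format, thresholds and process names are assumptions for the example.

```python
"""Toy Cryptolocker-style mass-encryption detector over constructed file-write events."""
import math
import posixpath
from collections import defaultdict

# Constructed sample data (not from the post). Every byte value equally often
# gives the maximum entropy of 8.0 bits/byte, which is what encrypted output looks like.
ENCRYPTED_LIKE = bytes(range(256)) * 4
PLAIN_TEXT = b"Quarterly report draft, section 1: revenue was up modestly. " * 10

# Events are (timestamp_seconds, process_name, path, bytes_written); all constructed.
SAMPLE_EVENTS = [(0.0, "winword.exe", "/home/u/Documents/report.docx", PLAIN_TEXT)]
# An assumed unknown process rewriting 12 files across three folders in ~2.5 seconds.
SAMPLE_EVENTS += [
    (1.0 + 0.2 * i, "unknown.exe", f"/home/u/{sub}/file{i}.docx", ENCRYPTED_LIKE)
    for i, sub in enumerate(["Documents", "Pictures", "Desktop"] * 4)
]
# A single high-entropy write (a compressed backup archive) on its own is normal.
SAMPLE_EVENTS.append((5.0, "backup.exe", "/mnt/usb/backup.tar.gz", ENCRYPTED_LIKE))


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def flag_processes(events, window_s=10.0, min_files=8, min_dirs=2, min_entropy=7.0):
    """Return the set of process names whose high-entropy writes hit at least
    min_files distinct files in at least min_dirs directories inside window_s seconds."""
    by_proc = defaultdict(list)
    for ts, proc, path, data in events:
        if shannon_entropy(data) >= min_entropy:
            by_proc[proc].append((ts, path))
    flagged = set()
    for proc, writes in by_proc.items():
        writes.sort()
        for i, (t0, _) in enumerate(writes):
            in_window = [p for t, p in writes[i:] if t - t0 <= window_s]
            dirs = {posixpath.dirname(p) for p in in_window}
            if len(set(in_window)) >= min_files and len(dirs) >= min_dirs:
                flagged.add(proc)
                break  # one qualifying window is enough for this process
    return flagged


if __name__ == "__main__":
    print("Suspicious processes:", flag_processes(SAMPLE_EVENTS))
```

In a real deployment the events would come from a file-system audit source rather than a constructed list, and the thresholds would be tuned to the environment's normal write patterns.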
For tips and methods of avoiding this type of malware, see Brian Krebs here, and some more generic advice from the UK Guardian here.
