Ransomware attackers have been around for a long time, often considered as a nuisance more than a threat. Ransomware encrypts data on a user’s machine, demanding a ransom fee in exchange for the decryption key. In many cases, the author of the ransomware will pretend to be a law enforcement official or federal authority, accusing the victim of violating laws to scare them into paying the ransom fee.
While most ransomware in the past has been a nuisance, cryptolocker has clearly become a huge threat to businesses and individuals alike. Cryptolocker, a form of ransomware that doesn’t disguise as a legal authority, infects machines using malicious emails; but how did cryptolocker manage to become so wildly successful? Let’s take a look at how the ransomware works.
Cryptolocker searches for files to encrypt in a variety of locations, such as USB sticks, external hard drives, and shared network drives. Once the target files are found, the private encryption key is sent back to the attackers’ command-and-control server. In the beginning, the attacker required the victims’ to pay the ransom fee within three days via Bitcoin. Since then, the attackers have made flexible changes to the payment options, including the ability to pay with MoneyPak. The victim can also pay at a later date, however, the cost increases.
When the victim refuses to pay the ransom fee, the attacker deletes the decryption key. Essentially, the victim’s data is locked forever. For most organizations, data loss is costly and damaging to the reputation of the business. What would happen if your business lost confidential client data? Would you be able to recover? If you don’t backup your files on a regular basis, you probably wouldn’t be able to recover.
Differentiating Aspects of Cryptolocker
In the past, it’s been a hassle to decrypt ransomware if encryption was used, but it’s not difficult. Security researchers would reverse-engineer the code and provide decryption keys to customers. What makes Cryptolocker’s encryption significantly more sophisticated?
The authors of Cryptolocker have properly utilized 2048-bit RSA encryption. In fact, the encryption is fairly foolproof, it’s impossible to decrypt the data without the private keys because of the type of encryption used.
In addition, Cryptolocker uses domain generation algorithm, which creates challengers to those individuals who try to solve the decryption key. Cryptolocker actually has a thousand domains coming online each day to serve the encryption keys. The constantly evolving domains are concerning for organizations.
Cryptolocker’s also utilized other bot networks, such as Zeus, in order to spread rapidly. When a machine is already infected with another attack campaign, the Cryptolocker attack can be downloaded instantly.
Protecting Your Organization
Do your sensitive files have adequate authentication and protection levels? Make sure your files are encrypted and password-protected to ensure Cryptolocker’s algorithms are unable to access them. Does your organization regularly backup files? If so, you’re able to escape damage from Cryptolocker and remain fairly unharmed, other than the hassle of obtaining backup copies.
Published On: 28th November 2013 by Ernie Sherman.