An FBI press release issued on Oct. 28 warned PC users about Cryptolocker, a ransomware campaign that has been extorting money from computer users. The warning said, “The FBI is aware of a file encrypting Ransomware known as CryptoLocker. Businesses are receiving email with alleged customer complaints containing an attachment that when opened, appears as a window and is in fact a malware downloader. This downloader then downloads and installs the actual CryptoLocker malware.”
Businesses are not the only ones affected by this campaign, which is known as cryptoviral extortion. Individuals could receive emails purporting to be from service providers such as FedEx, Western Union, a bank, or any other entity. In short, any email link or attachment should be suspect.
The ransomware operates by encrypting files with certain file extensions, thus making data impossible to read. Online security companies Symantec (www.symantec.com) and Sophos (www.sophos.com) have both commented that it is impossible to crack the encryption code and those affected must either pay the ransom, something neither recommends, or wipe the hard drive and restore from a backup. Those affected are typically given 100 hours in which to pay the ransom.
How to avoid being affected
1) Do not click on links or attachments in emails unless you are positive they are safe
2) Be suspicious of any email from an unknown source
3) Don’t be fooled by coincidence. Example: Even though you have a package en route, does not mean that email from FedEx is legitimate.
I doubt I could offer enough money to be worth their while. 😉 I think backing up files is the best idea! It’s different for a large company though. Still, handing over ransom will make this crime more common in the future. I say no!
The Cryptolocker ransom is usually $300, but I’ve seen reports of up to $700. The 3% of victims who actually pay up are also unknowingly helping to fund this campaign. It’s a lose-lose situation!
If your PC was incapacitated by Cryptolocker, would you pay the ransom?