Wednesday, October 23, 2013

Warning: Old Fiend With New Muscle

In the title I say "old fiend" and it is an old adversary in new clothes and with significantly more muscle. 

Instead of repeating the background story please first head over to my September 2012 article and come back here after you have read it.

So what's new?  Besides the new name, Crypto Locker, a couple of major improvements have been made to that nasty piece of maliciuos software:
  • The encryption is now "NSA grade", meaning there is no way out! Your data files most likely will remain lost!
  • The ransom has been raised in some variants of this malware  to close to $1000.
  • Now even files on other than the system drive C: will be encrypted. That renders restore partitions useless.
  • Is your backup disk permanently connected to the computer? Then the files on this drive get encrypted as well and all your backups are totally useless!
  • Now even files on network connected other computers can get encrypted.
  • Many victims that actually did pay the ransom got a decryption key that did not work! Their files remained inaccessible and were totally lost.
  • To pay ransom in some instances credit card information was given to the obviously wrong people; credit cards got maxed out in minutes! That is much more trouble than the loss of years of pictures, emails and other files!
  • Many attempts to save files turned out to be more expensive than a brand new computer would have been, Even with a new computer your files remain lost!
So far, and that may change soon, CryptoLocker 
  • arrives on victims computers in an email from an arbitrary sender they often don't know.
  • arrives on victims computers as an email attachment; this requires the victim to explicitly execute the attachment, that is double click on it and eventually even ignore the warning from Windows about running a downloaded program.
  • arrives on victims computers after the victim clicked on a link in an email without first checking the link and it's real target.
You say you don't do either of these arguably fairly dumb and dangerous things? Good for you! Are you 100% certain that everybody who eventually uses your computer is as careful, as attentive and as cautious? Think about your sweet teenage granddaughter, your kid's friends, visitors and so on.

You ask why your anti virus program did not catch the bad program? Simply because this form of CryptoLocker is new. It requires time and quite some effort to design detection methods and find secure ways to neutralize these modern and very sophisticated threats.

As of this writing we all are unprotected and need to use due diligence. Always wear your common sense hat!

The only currently known "protection" against damage by CryptoLocker is to have a recent image backup of your system drive and/or to have a set of restore DVDs that were created when the system was still functioning correctly.

If you need to use either of the aforementioned a System Repair disk is required. Did you already create one?

If you need help to set up a sensible backup routine and/or to create the disks mentioned above please contact me. You find a useable email address in the left sidebar at the end of the text titled "Welcome".

As usual I welcome suggestions and comments right here in the blog.

Click here for a categorized Table Of Contents.

No comments: