If you haven’t heard of it yet then consider yourself Very Lucky…
It’s the main reason one needs to have a cold backup ready and updated. A cold backup is a backup that is not live or connected to your computer. A live or hot backup is a backup solution that is always connected to your computer. A hot backup is very convenient, more so than a cold backup. In fact a cold backup is very inconvenient, and it could also save you $300.00 US.
Let’s back up a bit… (pun noted)… You have your computer with a lot of important files on the system. You know you cannot do without those files (pics, documents, files etc.) and, being a smart person, you back up those important files. The most common way is an attached drive (USB or NAS) to which you copy over any changed files… Another way is to copy the files to a USB external HDD and detach the drive, or to run a cold cloud backup such as Carbonite. Note here that Dropbox is a great example of a hot backup, not a cold one. The point of a cold backup is that the computer system cannot see it at any time. With a NAS (Network Attached Storage) or USB drive that is always connected, or a cloud service like Dropbox, the computer system can always see the data and modify it when needed… Like I said before, very convenient but not practical against CryptoLocker.
CryptoLocker is at the very least Cyber Terrorism at its best. A secret server on the Internet (which always changes) holds your data hostage until you pay the terrorists. You have limited time before your data is lost forever, and if you attempt to fix the computer you automatically lose the data.
The data remains on the computer at all times, along with a list of the files the program has encrypted; the master keys are on the remote server with the countdown. The terrorists await your payment via the Internet (anonymous, untraceable payments) and then send you the unlock keys to decrypt your files. The encryption uses the latest technology and the encrypted data is useless without the unlock keys.
Authorities can always shut down the servers when they are found on the Internet, but a new server will pop up somewhere random later. When the authorities shut down a server, all the private keys stored on that server, which were being used to hold the data of many computers hostage, are lost and can never be used again. The private keys are generated only one time on the infected computer and transmitted to the random server being shut down. Once lost they will never be generated again, so any chance of getting the unlock keys is gone forever. The sad point here is that there might be up to 1000 private keys awaiting payment on the server being shut down. True, the terrorists will never be paid for those 1000 hijacks, but it also means 1000 people with lost data who will never get it back.
If you have a cold backup then, using the list, you can restore the files yourself from the last backup and not pay the terrorists. You are now asking: why not use the hot backup like the cold backup?!? The answer is that when the virus / Trojan starts to encrypt the data it doesn’t stop at local files; it continues to all files the computer can see. Then it sends out the private key for the encryption and gives the operator on the screen the public key only. The private key is nowhere on the local computer, and that is the hijacking of your data.
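As an added example (not from the original post), here is how that restore-from-the-list step could be scripted once the machine is clean and the cold backup drive has been reconnected: read the list of encrypted paths the program leaves behind (the one-path-per-line format is an assumption), copy each file back from the backup, verify the copy, and report any file the backup never had. The directory names and sample files are constructed for the demo.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large documents need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_victim_list(text: str) -> list[Path]:
    """Assumed list format: one absolute path per line, blank lines ignored."""
    return [Path(line.strip()) for line in text.splitlines() if line.strip()]

def restore_from_cold_backup(victims: list[Path], live_root: Path, backup_root: Path) -> dict:
    """Overwrite each listed (now encrypted) file with its copy from the backup; the backup is only read."""
    report = {"restored": [], "missing_from_backup": [], "skipped": []}
    for target in victims:
        if not target.is_relative_to(live_root):    # refuse paths outside the tree
            report["skipped"].append(str(target))
            continue
        source = backup_root / target.relative_to(live_root)
        if not source.is_file():                    # never backed up: unrecoverable
            report["missing_from_backup"].append(str(target))
            continue
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source, target)
        if sha256_of(target) != sha256_of(source):  # verify the copy landed intact
            raise IOError(f"restore of {target} did not verify")
        report["restored"].append(str(target))
    return report

def demo() -> dict:
    """Constructed scenario: two documents are in the backup, one never was."""
    root = Path(tempfile.mkdtemp())
    live, backup = root / "live", root / "backup"
    for rel in ("docs/thesis.docx", "pics/cat.jpg"):
        (backup / rel).parent.mkdir(parents=True, exist_ok=True)
        (backup / rel).write_bytes(b"original " + rel.encode())
    hit = ("docs/thesis.docx", "pics/cat.jpg", "docs/new.txt")
    for rel in hit:                                 # what the encryption left behind
        (live / rel).parent.mkdir(parents=True, exist_ok=True)
        (live / rel).write_bytes(b"\x00encrypted garbage\x00")
    victims = parse_victim_list("\n".join(str(live / r) for r in hit))
    report = restore_from_cold_backup(victims, live, backup)
    return {"report": report, "thesis": (live / "docs/thesis.docx").read_bytes()}
```

The `missing_from_backup` bucket is the real lesson of the post: anything that was created after the last cold backup is exactly what the hot backup cannot give you back either.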
Cyber Terrorism is Very Illegal. That is, if you get caught!!! The way they accept payments you cannot trace them and cannot follow the money (Bitcoin and MoneyPak). How they track the payments is via the public key working with the private key. Somewhere someone will reverse the programming and fix this issue….
The only good thing that comes out of this is that it makes us practice good backups using cold backups. Paying the terrorists only promotes the continuation of viruses / Trojans like this. If we could stop this from happening, or make it very hard to get payments to the fools who made this program, then it would stop.
Not to promote Cyber Terrorism or the use of CryptoLocker, but the technology uses the very best of cryptology for the wrong purpose. I believe it uses RSA-2048 bit encryption at its heart for the Cyber Terrorism. Like I said, we here don’t condone CryptoLocker; in fact we despise the use of it.
Now for the most important information one needs to avoid this. So far it only attacks Windows machines. It comes in as an email attachment or a spoofed web site. The email attachment hopes you have HTML preview enabled (it is by default on 90% of all Windows email programs) and it automatically installs itself using the program run command. The spoofed web page tries to run the Java install program when you view the page. The privilege level of your login credentials determines which files CryptoLocker can change and encrypt: the higher the user level, the higher the number of files it can change. In any case the new OSs (operating systems) will try to warn you before installing CryptoLocker. Unfortunately CryptoLocker uses many tricks to fool the average user into installing the program, and as web statistics prove, it’s out there and the terrorists are making money.
Another problem that can arise is if you are on a network (say at work) with access to shared files that people rely on and you get infected with this horror; just imagine the outcome… Not only the user’s local files will be encrypted but also the shared files used by the team, and maybe the virus will copy over to the team computers… What an issue this worst-case development could be!!!
If you need more information on this you can click Security Now Web Podcast on CryptoLocker or Cryptolocker Ransomware Information @ www.bleepingcomputer.com and educate yourself to protect you and the people you know. The last thing you want is to mess with this new form of ransomware!