A new malware spreading around the Internet in recent months holds every file on a computer for ransom. Unless the user pays $300 in bitcoins to the hacker responsible for the infection within 100 hours, the hacker threatens to forever deny the user access to his or her files.
The malware, which is known as CryptoLocker, is not just an empty threat. If the hacker's demands aren’t met, the computer files get cryptographically locked, making it almost impossible to access them. A ticking clock showing the time limit makes CryptoLocker just a bit more terrifying.
CryptoLocker is spread through phony emails designed to look like they're from legitimate businesses and fake FedEx and UPS tracking notifications. Once opened, CryptoLocker installs itself in the “Documents and Settings” folder, scans the hard drive and encrypts certain file types, including documents associated with Microsoft Word and Adobe Photoshop. CryptoLocker then launches a pop-up window with the 100-hour countdown and provides details on how to pay the ransom.
If the ransom is paid before the deadline, a key is given to decrypt the files. If not, the key is destroyed and the files are effectively lost forever. Even advanced software security companies don’t really have ways to restore the locked hard drive. Catching the hackers behind CryptoLocker may be the only way to retrieve the files.
The hackers are covering their tracks by using Bitcoins, a digital currency designed to be as anonymous as cash. Payments are made with a Green Dot MoneyPak, a reloadable debit card.
There is a growing trend in this type of malware, known as “ransomware,” but CrytpoLocker is the most dangerous one to pop up so far. Normally the threats are empty or the malware does something completely fixable, such as freezing the computer.
The good news is that paying the ransom does actually decrypt the files, and the hackers behind CryptoLocker so far have been honest and not reinfected computers after the ransom is paid.
Security companies are working on a protection, but there isn’t one yet. Users should remain vigilant about their security online, double-checking the legitimacy of links received in emails and social media messages.