One of the blogs we monitor to keep our community aware of the latest scams is the Internet Crime Complaint Center. A recent posting on that site focused on “CryptoLocker Ransomware”. According to the FBI, CryptoLocker is a file encrypting Ransomware. Businesses receive an email with alleged customer complaints and contains an attachment that when opened, appears as a window and is in fact a malware downloader. This downloader than downloads and installs the actual CryptoLocker malware.
The wording in the window states that important files have been encrypted using a unique public key generated for the computer. To decrypt the files victims need to obtain the private key. A copy of the private key is located on a remote server that will destroy the key after the specified time shown in the window. The attackers demand a ransom of $300.00 to be paid in order to decrypt the files.
According to the post, once the encryption of the files is complete, decryption is not feasible. To obtain the file specific Advanced Encryption Standard (AES) key to decrypt a file, victims need the private RSA key (an algorithm for public key cryptography) corresponding to the RSA public key generated for the victim’s system by the command and control server. However, this key never leaves the command and control server, putting it out of reach of everyone except the attacker. The recommended solution is to scrub your hard drive and restore encrypted files from a backup.
As with any virus or malware, the way to avoid it is with safe browsing and email habits. Specifically, in this case, be wary of email from senders you don’t know and never open or download an attachment unless you’re sure you know what it is and that it’s safe. Be especially wary of unexpected email from postal/package services and dispute notifications.
If you have been a victim of an internet scam, please file a complaint at www.ic3.gov.
For more on best practices to steer clear of identity theft and related scams, please visit www.hvshred.com