A research team specialising in security has revealed that the ransomware Cryptolocker could have infected between 200,000 and 250,000 devices and could also have collected over £600,000 ($980,000, AU$1,000,000) in the virtual currency Bitcoin.
Dell SecureWorks’ specialist counter-threat unit has scrutinised the infection rates of Cryptolocker and claims that the malware was developed in either Russia or Eastern Europe. The earliest infection would have happened around 4 months ago (September 5) this year. Just how the malware is distributed is still unclear.
Ransomware is a successful new variety of malware and virus that finds and locks away system/essential files on a victim’s computer. The encrypted files are held locked away until the user meets the demands of payment within 72 hours, a deadline displayed ominously in the form of an on-screen timer. What is more worrying is that it targets mapped drives and all locally connected, network-attached or cloud-based storage such as Dropbox.
Unlike traditional malware, which can be removed with the use of antivirus software, Cryptolocker cannot currently be removed. Even if a user can root out the virus, there is still no way to access the files it has encrypted. All decryption keys are located on one of Cryptolocker’s servers; the files are only released again if the user pays the ransom.
“By using a sound implementation and following best practices, the authors of Cryptolocker have created a robust program that is difficult to circumvent,” SecureWorks notes in a blog post. “Instead of using a custom, cryptographic implementation like many other malware families, Cryptolocker uses strong third-party certified cryptography offered by Microsoft’s CryptoAPI.”
Audaciously, Cryptolocker also has its own dedicated support system for people who pay their ransom but miss the deadline! There have been reports of the author of the program actively answering help questions on online forums, such as this thread.
Dell SecureWorks estimates that the ransomware has infected 250,000 systems in the first 100 days of its active lifecycle.