27 December 2013

"Cryptolocker ransomware" explained

As reported by the BBC:
A virulent form of ransomware has now infected about quarter of a million Windows computers, according to a report by security researchers. Cryptolocker scrambles users' data and then demands a fee to unencrypt it alongside a countdown clock...

Early examples were spread via spam emails that asked the user to click on a Zip-archived extension identified as being a customer complaint about the recipient's organisation. Later it was distributed via malware attached to emails claiming there had been a problem clearing a cheque. Clicking the associated link downloaded a Trojan horse called Gameover Zeus, which in turn installed Cryptolocker onto the victim's PC...

It said of those affected, "a minimum of 0.4%, and very likely many times that" had agreed to the ransom demand, which can currently only be paid in the virtual currencies Bitcoin and MoneyPak...

"Anecdotal reports from victims who elected to pay the ransom indicate that the Cryptolocker threat actors honour payments by instructing infected computers to decrypt files and uninstall the malware," added the security firm.
More at the link.

1 comment:

  1. Neal Stephenson's "REAMDE" (sic) uses this as a plot point, if you're interested.

    ReplyDelete