CYBERPOL Issues CryptoLocker Alert
CYBERPOL issued a CryptoLocker alert yesterday to all internet users around the globe. This comes after many cases were reported within the USA and Europe in recent months where CryptoLocker was used as ransomware to extort cash from companies and private citizens.
CryptoLocker is a ransomware trojan horse which targets computers running Microsoft Windows around the globe. It’s believed to have first been posted to the World Wide Web on approximately 5 September 2013.
CryptoLocker spreads via infected email attachments sent to the user and can also run via an existing botnet. When activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware’s control servers. In short, once any computer or server has been infected, there is no escape.
The trojan then displays a message which offers to decrypt the data if a payment through either bitcoin or a pre-paid cash voucher is made by a stated deadline, and threatens to delete the private key should you not pay by then. If the deadline is not met, the trojan offers to decrypt the data via an online service provided by the malware’s operators, for a significantly higher price in bitcoin.
Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to a hacker who seized control of the hospital’s computer systems and would give back access only when the money was paid. The assault on Hollywood Presbyterian occurred Feb. 5, when hackers using malware infected the institution’s computers, preventing hospital staff from being able to communicate from those devices, said Chief Executive Allen Stefanek.
CYBERPOL urges corporations, governments and the public: if you become infected and don’t have a backup copy of your files, do not pay any ransom asked. Paying is NEVER a good solution, as it turns the malware into a highly profitable business model and will contribute to the flourishing of this type of cyber attack.
CYBERPOL said it will publish a list of release notes on how to avoid falling prey to this cyber hacking scam. It said that all internet users should be particularly wary of emails from senders they don’t know, especially those with attached files, and should avoid opening such emails when they receive them. We’d like to remind you of the importance of having a backup system in place for your critical files. This will help mitigate the damage caused not only by malware infections, but by hardware problems or any other incidents as well.
CryptoLocker was isolated in late-May 2014 via Operation Tovar—which took down the ZeuS botnet that had been used to distribute the malware. During the operation, a security firm involved in the process obtained the database of private keys used by CryptoLocker, which was in turn used to build an online tool for recovering the keys and files without paying the ransom. It is believed that the operators of CryptoLocker successfully extorted a total of around $3 million from victims of the trojan.
A CYBERPOL spokesperson said that European corporations, and in particular governments, are at risk, warned that this is a tool that could be used by terrorist organizations and needs urgent attention, and called upon all agencies to join forces without any delay in an international coalition effort in the fight against cyber crime.