Just when it seemed 2013 might end without any major security attacks, the CryptoLocker malware has surfaced and begun creating havoc.
The virus acts as “ransomware”: it takes computer files hostage and demands a ransom under the threat of erasing the data.
McAfee APAC chief technology officer, Sean Duca, said CryptoLocker typically infiltrates a system through a PDF attachment emailed by cyber criminals.
“If you open the attachment, it installs malware on your hard drive that lets hackers access your computer files,” he said.
“The files are then encrypted and you’re unable to access them.”
The malware has already infected systems overseas, but Trend Micro ANZ software architecture director, Jonathan Oliver, said the global nature of the Internet means that it is finding its way locally as well.
“These attacks are very widespread globally, and this is impacting Australians,” he said.
No way out
From the analysis McAfee has done so far, a pattern in the cyber criminals’ behaviour has been detected.
“Once infected, the cyber criminals will contact the organisation or individual within two days, seeking payment,” Duca said.
“If they don’t pay up, their documents will be deleted.”
During the blackmail phase, the cybercriminals will demand payment not in cash or credit, but with a virtual currency called Bitcoin.
While much malware in the past has taken the stealth route and attempted to remain in a system undetected, Trend Micro’s Oliver said it is “quite obvious” when you are infected with CryptoLocker.
“What makes this malware significant compared to other attacks is that the impact on victims is significant,” he said.
McAfee’s Duca points out that, unlike other malware in the past, CryptoLocker comes with an added malicious angle.
“Even when you remove it, it does not restore the files,” he said.
One step ahead
While regular consumers are a target for CryptoLocker, McAfee’s Duca warns that any organisation could be targeted.
“Businesses are particularly vulnerable to this attack because many haven’t adequately protected file-sharing between employees,” he said.
“If this is targeted to a user with higher privileges in an organisation then potentially every document which could be accessed by that user could be locked.”
As for what can be done to overcome CryptoLocker, Trend Micro’s Oliver repeats the old adage of “prevention being better than the cure.”
“Put in place an automated backup solution and consider turning on enhanced antispam features such as IP reputation,” he said.
McAfee’s Duca also emphasised the importance of having “great backup” to get your files back.
“You also need up-to-date Windows and antivirus patches,” he said.
Another countermeasure that Trend Micro’s Oliver suggests is putting in place stricter email policies.
“For example, blocking zip files that contain executable files, as only technically sophisticated users should ever receive such files,” he said.
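The attachment policy Oliver describes, as an added example written for this article rather than code from either vendor: a mail-gateway check that opens a zip attachment, flags any member with an executable extension, and also looks inside nested zips so a wrapped executable is not missed. The extension list and the sample archives are assumptions constructed for the example.

```python
import io
import zipfile

# Extensions a mail gateway would treat as executable content.
# This list is an assumption for the example; tune it to local policy.
EXECUTABLE_SUFFIXES = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jse", ".wsf",
}


def find_executables(zip_bytes: bytes, depth: int = 0, max_depth: int = 3) -> list[str]:
    """Return member paths inside a zip attachment that carry an executable
    extension. Nested zips are opened recursively up to max_depth so that an
    executable wrapped in a second archive is still found."""
    found: list[str] = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return found  # not a readable zip; leave that case to other filters
    for info in archive.infolist():
        name = info.filename
        lower = name.lower()
        if any(lower.endswith(suffix) for suffix in EXECUTABLE_SUFFIXES):
            found.append(name)
        elif lower.endswith(".zip") and depth < max_depth:
            nested = archive.read(info)
            found.extend(f"{name}/{inner}" for inner in find_executables(nested, depth + 1, max_depth))
    return found


def should_block(zip_bytes: bytes) -> bool:
    """Policy from the article: block any zip attachment that contains an executable."""
    return bool(find_executables(zip_bytes))


def build_sample(members: dict[str, bytes]) -> bytes:
    """Build a small in-memory zip from a name -> content mapping (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a harmless archive, and one mimicking a lure where a
# document-looking name with a trailing .exe is hidden inside a nested zip.
CLEAN_ZIP = build_sample({"report.pdf": b"%PDF-1.4 ...", "notes.txt": b"hello"})
INNER_ZIP = build_sample({"Invoice_2013.pdf.exe": b"MZ..."})
LURE_ZIP = build_sample({"readme.txt": b"open me", "attachment.zip": INNER_ZIP})
```

A real gateway would run this on each decoded attachment and quarantine the message when `should_block` returns True, logging the flagged member names for the IT staff who handle user reports.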
Not opening attachments from unknown senders also goes a long way, and Oliver recommends employees talk to IT staff if they get an email with a password in it.