
Cryptolocker Ransomware – 10M UK Users targeted. Basic countermeasures

Cryptolocker is considered one of the most insidious threats for Internet users; a recent spam campaign targeted 10M UK users. Let’s learn how to fight it.

Recently the UK’s National Crime Agency has issued an alert on a large spam campaign based on the CryptoLocker ransomware that is targeting more than 10 million UK-based email users. CryptoLocker is considered very insidious by users: it encrypts the victim’s files and then demands a ransom to restore access. CryptoLocker was first detected in the wild in September 2013. What makes it so insidious is that it encrypts the victim’s data with a strong encryption method, making it impossible to access the data without paying the ransom. If the victim doesn’t pay the ransom within 72 hours, CryptoLocker deletes the decryption key needed to decrypt all the files on the PC.

The UK’s National Crime Agency revealed that the spam emails mainly targeted accounts belonging to banks and financial institutions; usually the message includes a malicious attachment that appears to be a file such as an invoice, details of a suspicious transaction, a voicemail or a fax. The security firm Bitdefender Labs observed that in the week beginning Oct. 27, more than 12,000 computers were infected.
The UK’s National Crime Agency announced that it is investigating the origin of the spam campaign:
“We are working in cooperation with industry and international partners to identify and bring to justice those responsible and reduce the risk to the public,” says Lee Miles, Deputy Head of the NCCU.
Once victims try to open the file, the CryptoLocker malware infects the machine and then displays a countdown timer demanding the payment of 2 Bitcoins in ransom, worth around £536, for the decryption key.
Victims are advised not to pay the ransom; even after payment there is no assurance that the files will be available to the user again.
Anyone whose computer is infected should report it to www.actionfraud.police.uk.
In recent days I have received many requests from readers for indications on how to protect their machines from the CryptoLocker ransomware.
The bad news is that there is no way to decrypt the files without the decryption key; brute-force attacks are useless against 2048-bit encryption.
Prevention is essential, so here are some valuable suggestions:
  • Avoid opening emails and attachments from unknown sources, especially zip or rar archive files.
  • Keep defense systems, the OS and applications up to date.
  • Back up your data.
  • Windows 7 users should set up System Restore points or, if you are using Windows 8, configure it to keep the file history.
  • If infected, make sure you have reformatted your hard drive to completely remove the CryptoLocker trojan before you attempt to re-install Windows and/or restore your files from a backup.
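The first suggestion above is easier to apply consistently at the mail gateway than by asking every user to judge each message. The following is an added example (it is not code from the original article or from any of the tools mentioned) that parses a raw e-mail with Python's standard `email` package and labels each attachment: archives such as zip/rar, plain executables, and the double-extension trick the article describes, where an executable hides behind a document-looking name like an invoice. The sample message, its addresses and filenames are constructed for illustration.

```python
"""Screen an e-mail for the attachment types used by CryptoLocker spam.

Added example, not part of the original article. The message below is
constructed for illustration; sender, recipient and filenames are made up.
"""
from email import policy
from email.parser import BytesParser

# Archive containers the article advises treating with suspicion.
ARCHIVE_EXTENSIONS = {".zip", ".rar"}
# Executable types that a lure can hide behind a document-looking name.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-looking suffixes used as the decoy half of a double extension.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".txt", ".wav", ".mp3"}


def _extensions(filename):
    """All dotted suffixes, lowercased: 'Invoice.pdf.exe' -> ['.pdf', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]]


def classify_attachment(filename):
    """Return a risk label for one attachment filename."""
    exts = _extensions(filename)
    if not exts:
        return "no-extension"
    last = exts[-1]
    if last in EXECUTABLE_EXTENSIONS:
        # invoice.pdf.exe: a document decoy followed by an executable suffix
        if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS:
            return "double-extension-executable"
        return "executable"
    if last in ARCHIVE_EXTENSIONS:
        return "archive"
    return "document"


def screen_message(raw_bytes):
    """Parse a raw RFC 5322 message and classify every attachment part."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        findings.append((name, classify_attachment(name)))
    return findings


def should_quarantine(findings):
    """Hold the message if any attachment is an archive or an executable."""
    risky = {"archive", "executable", "double-extension-executable"}
    return any(label in risky for _, label in findings)


# Constructed sample message: an "overdue invoice" lure with three attachments.
SAMPLE_EML = b"""From: accounts@example-bank.invalid
To: victim@example.invalid
Subject: Invoice 48213 overdue
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="us-ascii"

Please find the invoice attached.
--XYZ
Content-Type: application/zip; name="Invoice_48213.zip"
Content-Disposition: attachment; filename="Invoice_48213.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--XYZ
Content-Type: application/octet-stream; name="Invoice_48213.pdf.exe"
Content-Disposition: attachment; filename="Invoice_48213.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--XYZ
Content-Type: application/pdf; name="terms.pdf"
Content-Disposition: attachment; filename="terms.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--XYZ--
"""

if __name__ == "__main__":
    results = screen_message(SAMPLE_EML)
    for name, label in results:
        print(f"{name:28s} {label}")
    print("quarantine:", should_quarantine(results))
```

Filename-based screening is only a first filter: a renamed executable inside the archive is not visible here, which is why the article's other advice (updated defenses and backups) still applies.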
On the Internet it is possible to find numerous tools to protect our systems from CryptoLocker; HitmanPro.Alert is one of the best free utilities that can defend us from the CryptoLocker ransomware. The application contains a new feature, called CryptoGuard, able to detect and neutralize malicious activities.
Other valid tools are BitDefender Anti-CryptoBlocker, an application that can detect and block CryptoLocker’s encryption of the user’s data, and CryptoPrevent, which applies a number of settings to the Windows machine to prevent CryptoLocker from ever executing.
IPSs (intrusion prevention systems) are also able to block CryptoLocker by interfering with the communication to the remote command-and-control server that the malware uses to retrieve the key with which it encrypts the files.
Let me close with a curious piece of news that demonstrates that no one is secure: a local police department in Swansea, Massachusetts, has paid criminals to decrypt files locked up by the CryptoLocker ransomware on police computer systems, according to local press reports. The department paid $750 for the decryption key to retrieve its files, using Bitcoins as currency.
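The behavioural detection that tools such as CryptoGuard perform rests on one observable effect of the malware described above: a document that has been overwritten with ciphertext loses its format header and its byte distribution becomes nearly uniform. The following is an added example (my own illustration, not code from HitmanPro.Alert, BitDefender or CryptoPrevent) that scans a directory, measures Shannon entropy over the first few kilobytes of each file, and flags files that are high-entropy and carry no recognisable header. The file tree it builds is constructed for the demo, and the "ciphertext" is seeded random bytes standing in for an encrypted file.

```python
"""Flag files whose contents look like ciphertext, the observable that
behaviour-based anti-ransomware tools build on. Added example, not the
code of any tool named in the article.
"""
import math
import os
import random
import shutil
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # bits per byte; plaintext documents sit well below this

# Leading bytes of common document types. Compressed formats (zip, png, jpeg)
# are high-entropy as well, which is why the header check accompanies entropy.
KNOWN_HEADERS = {
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip or office-xml",
    b"\xd0\xcf\x11\xe0": "legacy office",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
}


def shannon_entropy(data):
    """Entropy in bits per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def header_type(data):
    """Name of the format whose magic bytes open the data, or None."""
    for magic, name in KNOWN_HEADERS.items():
        if data.startswith(magic):
            return name
    return None


def looks_encrypted(data):
    """High-entropy body with no recognisable header: what a document looks
    like after it has been replaced by ciphertext."""
    return header_type(data) is None and shannon_entropy(data) >= ENTROPY_THRESHOLD


def scan_directory(root, sample_size=4096):
    """Return the relative paths of files under root that look encrypted.
    Only the first sample_size bytes are read, so the scan stays cheap."""
    flagged = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(sample_size)
            if looks_encrypted(head):
                flagged.append(os.path.relpath(path, root))
    return sorted(flagged)


def build_sample_tree():
    """Create a temporary directory of constructed files and return its path:
    a plaintext note, a valid-looking PNG, and one file overwritten with
    seeded random bytes standing in for ciphertext."""
    root = tempfile.mkdtemp(prefix="cryptolocker_demo_")
    rng = random.Random(2013)
    noise = bytes(rng.getrandbits(8) for _ in range(4000))
    files = {
        "notes.txt": b"Quarterly figures attached, please review.\n" * 80,
        "logo.png": b"\x89PNG\r\n\x1a\n" + noise,   # high entropy but valid header
        "invoice.pdf": noise,                       # simulated ciphertext, header gone
    }
    for name, content in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


def remove_sample_tree(root):
    """Delete the demo directory created by build_sample_tree."""
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    demo_root = build_sample_tree()
    print("suspicious files:", scan_directory(demo_root))
    remove_sample_tree(demo_root)
```

In production such a check would run on file-write events rather than as a periodic sweep, so that the process doing the writing can be stopped after the first few files; the entropy-plus-header rule is the same either way.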

Pierluigi Paganini

(Security Affairs – Cryptolocker, Cybercrime)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker at EC-Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. Author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
