Cleverly-coded ransomware, dubbed ‘Cryptolocker,’ encrypts files on a user’s computer and makes them inaccessible unless a monetary ransom is paid to the cyber criminals.
Consumers and corporations continually face sophisticated cyber attacks aimed at disrupting PC and network functionality. A relatively recent threat, which forces unsuspecting victims to pay a ransom or lose compromised files forever, has proven to be a major headache for many small business owners.
The ‘Cryptolocker’ ransomware was first detected in September, and has largely infected Microsoft Windows machines operating in the United States and the United Kingdom. The ransomware is typically circulated through spoofed e-mails that appear to come from legitimate services, such as UPS, FedEx, or DHS. Users unknowingly open a corrupted file attachment, which immediately begins encrypting select files.
Ransomware typically locks computer screens to prevent users from logging in, whereas Cryptolocker targets only specific files for encryption. Without paying a ransom to the cyber criminals, all encrypted files on an infected PC are typically lost, unless a recent PC backup can restore the files.
Bitdefender noted at least 12,000 victims in one week alone last month, a small number in a global game of numbers, but one that indicates the severity of the growing threat. Running an anti-virus or anti-malware scan will identify Cryptolocker and remove it, but unfortunately the encrypted files are left untouched, and with the ransomware now gone, it becomes impossible to even try to pay a ransom to restore the files.
Security company Symantec has dubbed Cryptolocker “Menace of the Year,” due to the malware’s sophistication and ability to encrypt individual files. There are certain methods to recover files without paying the ransom, but as noted by Symantec, trying to recover files can be a difficult and rather tedious process.
There is continued progress in limiting the amount of damage that can be done, with research groups now able to temporarily disrupt the ransomware's connection to infected servers controlled by cyber criminals. This has not proven to be an effective way to help most infected companies, because it is often too late by the time the files have been encrypted.
If nothing else, Cryptolocker and other ransomware prove that consumers and businesses alike should have some type of data recovery plan. For companies unwilling to pay the Cryptolocker ransom, the only viable way to restore files is from a previous backup, which many companies, especially small and midsize businesses, tend to neglect.