The latest ransomware is called CryptoLocker, and it is perhaps the most evil piece of malware yet created. CryptoLocker infects a computer, and secretly encrypts its most precious files and demands a ransom for the data. Like its predecessors, spyware, rogue antivirus software, and the DOJ/FBI viruses, CryptoLocker’s motivations are financial. Unlike it predecessors, once CryptoLocker infects, no security software can undo its harm. This should give us all major pause and force us all to rethink 1) how we are protecting our computers and 2) how we back up our data.
In the last two weeks, there were two new revelations about CryptoLocker. 1) When CryptoLocker infects, there is a 72 hour deadline to pay the ransom for roughly $300. If you don’t pay in the 72 hours, the ransom escalates to $3000. 2) It is possible to remove CryptoLocker using security software, but this ironically is counter productive. Once the software has been removed, you know longer have the ability to pay the ransom and your files are still encrypted. To solve this problem, CryptoLocker created a customer service department to help victims pay ransoms.
The company behind CryptoLocker is rolling in cash and they are building out the infrastructure of a real enterprise.
CryptoLocker is a polymorphic virus meaning that it escapes the detection methods of almost every security product. PC Matic, though its use of a white list, stands alone in its ability to proactively block CryptoLocker and other polymorphic viruses. That said, PC Matic is a small security player, and will do little to impede CryptoLocker’s trajectory.
So what’s in store?
CryptoLocker will become a household name.
The security industry as a whole adapts glacially to new threats such as CryptoLocker. The reality is that polymorphic viruses have been around for half a decade. The difference is that CryptoLocker’s destruction level, and that it escapes remediation. In one year’s time, CryptoLocker will be a household name, and a profit and loss statement that would make Wall Street drool.
CryptoLocker will become more sophisticated.
There is a patch to avoid the current strain of CryptoLocker by not allowing programs to run from certain directories. The problem is that few people will adopt this measure and if they did, CryptoLocker could easily move its execution to a different directory. To be clear, CryptoLocker is a cloud based company that can adapt agilely to changes in its environment.
Today, CryptoLocker encrypts most of the common file types such as Excel, Word, photos, movies and so on. I have learned that it does not encrypt Quickbooks files. I am sure this is a minor over sight on CryptoLocker’s part, and future revisions will target an ever growing list of file extensions.
In its drive for market domination, CryptoLocker will target Apples and Macs. Apple users have lived for decades under the false notion that somehow Macs are more secure than Windows. That bubble will be popped as CryptoLocker continues to wreak havoc throughout 2014.
External hard drive sales will grow.
Two years ago, online back up was the hot topic, and certainly the rave of the investment community. Unfortunately, many of the online back up solutions are little help against CryptoLocker since the encrypted files are copied to the remote server and the originals are lost when using the lower pricing tiers of these companies.
The best protection is manual backups and then disconnect the drive from the computer after the backup is completed.
Prior to CryptoLocker, we had the DOJ/FBI virus. Like CryptoLocker, DOJ/FBI is a polymorphic virus that escapes the detection of virtually every security product. The difference is that it was not difficult to remove DOJ/FBI from the computer without paying the ransom.
2014 will be a banner year for the external hard drive companies and of course CryptoLocker.