Cryptolocker ransomware has 'infected about 250,000 PCs'

Cryptolocker Infected victims are given a time limit to release their data before they lose it forever

Related Stories

A virulent form of ransomware has now infected about quarter of a million Windows computers, according to a report by security researchers.

Cryptolocker scrambles users' data and then demands a fee to unencrypt it alongside a countdown clock.

Dell Secureworks said that the US and UK had been worst affected.

It added that the cyber-criminals responsible were now targeting home internet users after initially focusing on professionals.

The firm has provided a list of net domains that it suspects have been used to spread the code, but warned that more are being generated every day.

Ransomware has existed since at least 1989, but this latest example is particularly problematic because of the way it makes files inaccessible.

"Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses strong third-party certified cryptography offered by Microsoft's CryptoAPI," said the report.

"By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent."

Ransom dilemma

The first versions of Crytpolocker appear to have been posted to the net on 5 September.

Early examples were spread via spam emails that asked the user to click on a Zip-archived extension identified as being a customer complaint about the recipient's organisation.

Later it was distributed via malware attached to emails claiming there had been a problem clearing a cheque. Clicking the associated link downloaded a Trojan horse called Gameover Zeus, which in turn installed Cryptolocker onto the victim's PC.

By mid-December, Dell Secureworks said between 200,000 to 250,000 computers had been infected.

It said of those affected, "a minimum of 0.4%, and very likely many times that" had agreed to the ransom demand, which can currently only be paid in the virtual currencies Bitcoin and MoneyPak.

Top 10 infected countries Number of infected systems identified using test "sinkhole" servers between 9-16 December Percentage of total

Source: Dell SecureWorks

US

1,540

23.8%

Great Britain

1,228

19.0%

Australia

836

12.9%

France

372

5.8%

Brazil

309

4.8%

Italy

204

3.2%

Turkey

182

2.8%

Spain

145

2.2%

China

138

2.1%

Canada

135

2.1%

"Anecdotal reports from victims who elected to pay the ransom indicate that the Cryptolocker threat actors honour payments by instructing infected computers to decrypt files and uninstall the malware," added the security firm.

"According to reports from victims, payments may be accepted within minutes or may take several weeks to process."

However, Trend Micro, another security firm, has warned that giving into the blackmail request only encouraged the further spread of Cryptolocker and other copycat schemes, and said that there was no guarantee of getting the data back.

Safety steps

Dell suggested PCs be blocked from communicating with the hundreds of domains names it had flagged as being linked to the spread of Cryptolocker, and it suggested five further steps the public and businesses could take to protect themselves:

  • Install software that blocks executable files and compressed archives before they reach email inboxes
  • Check permissions assigned to shared network drives to limit the number of people who can make modifications
  • Regularly back-up data to offline storage such as Blu-ray and DVD-Rom disks. Network-attached drives and cloud storage does not count as Cryptolocker can access and encrypt files stored there
  • Set each PC's software management tools to prevent Cryptolocker and other suspect programs from accessing certain critical directories
  • Set the computer's Group Policy Objects to restrict registry keys - databases containing settings - used by Cryptolocker so that the malware is unable to begin the encryption process

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

BBC Future

(Thinkstock)

‘I freeze people to cheat death’

The man with 100 bodies in his freezer Read more...

Programmes

  • Hitch-hiking robot HitchBOTClick Watch

    Hitch-hiking robot HitchBOT completes a 6,000 km (3,700 mile) trip plus other tech news

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.