Cryptolocker is the nastiest virus I’ve seen in my computer repair career. It ups the ransomware stakes by encrypting your files and holding them hostage until you pay the ‘ransom’. Understand that your files can be lost forever. The virus is most commonly spread through email attachments. Phishing attacks have also been used against companies.
You might be thinking that someone will certainly break the encryption and put an end to the problem. However, the encryption is asymmetric RSA, which uses a key pair: a public key and a private key. The public key is used to encrypt the files and only the matching private key can decrypt them.
Keep in mind that this is the same type of encryption that the US government uses, and by most accounts, the NSA is unable to break this style and level of encryption! Without the private key, there is no way to unlock your files. The types of files that are encrypted vary with the particular variant of the virus. Judging by the file types it targets, the virus appears to be aimed at businesses, but it affects many non-business users as well.
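To make the public/private key point concrete, here is a small added example (not code from the original post, and nothing to do with the malware itself) that generates a textbook RSA key pair with the standard library and shows that a message encrypted under the public key comes back only with the matching private key. The prime generation, key sizes and the sample message are assumptions for illustration; there is no padding, so this is a teaching aid, not a usable cipher.

```python
import random
from math import gcd

# Miller-Rabin probable-prime test; `rng` is any object with randrange().
def is_probable_prime(n, rounds=20, rng=random):
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

# Draw random odd candidates of the requested bit length until one is prime.
def random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng=rng):
            return cand

# Key generation (constructed, deterministic when a seed is given so the
# example is reproducible). Returns (public_key, private_key) as (exp, n).
def generate_keypair(bits=512, seed=None):
    rng = random.Random(seed)
    e = 65537
    while True:
        p = random_prime(bits // 2, rng)
        q = random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)  # modular inverse; needs Python 3.8+
    return (e, p * q), (d, p * q)

# Anyone holding the public key can encrypt.
def encrypt(public_key, message_int):
    e, n = public_key
    if not 0 <= message_int < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message_int, e, n)

# Only the holder of the private exponent d can reverse it.
def decrypt(private_key, ciphertext):
    d, n = private_key
    return pow(ciphertext, d, n)

def bytes_to_int(data):
    return int.from_bytes(data, "big")

def int_to_bytes(value, length):
    return value.to_bytes(length, "big")

if __name__ == "__main__":
    public, private = generate_keypair(bits=256, seed=1)
    msg = b"constructed sample"
    c = encrypt(public, bytes_to_int(msg))
    print(int_to_bytes(decrypt(private, c), len(msg)))   # correct key: original text
    _, wrong_private = generate_keypair(bits=256, seed=2)
    print(decrypt(wrong_private, c) == bytes_to_int(msg))  # wrong key: False
```

The second key pair stands in for "someone who does not hold the attacker's private key": the ciphertext decrypts to unrelated numbers, which is exactly why recovering the files by cleverness rather than from a backup is not a realistic plan.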
The current cost to release your files is $300, but I’ve seen some variants of the virus seeking up to $500. Paying the ransom might or might not be successful in releasing your files. Many times it is NOT. I would not suggest paying the ransom. The success rate of recovering files this way is not high. The lesson here? Back up your files. Period. The virus infection, like other virus and malware infections, can easily be removed by a qualified computer repair shop for around $125. The problem here is the encrypted data. If your data is backed up – although you’re not perfectly protected against the infection – you’re protected against data loss. See my blog for more articles on how to back up your data.
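A backup is only useful if you can tell whether the copy you restore from still matches the files you meant to keep. As an added example (not code from this blog), the script below takes a SHA-256 snapshot of a folder and later compares the folder against that snapshot, reporting files that were modified, removed or newly added since the snapshot was taken. The sample files, their contents and the folder layout are constructed in a temporary directory purely for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Hash a file in chunks so large files do not have to fit in memory.
def file_digest(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

# Map each file (relative POSIX path) under `root` to its SHA-256 digest.
def build_manifest(root):
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): file_digest(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }

# Compare a stored snapshot against the current state of the same tree.
def compare_manifests(reference, current):
    ref, cur = set(reference), set(current)
    return {
        "missing": sorted(ref - cur),
        "added": sorted(cur - ref),
        "modified": sorted(k for k in ref & cur if reference[k] != current[k]),
    }

# Constructed walk-through: snapshot a small tree, change it, then compare.
def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "invoice.xlsx").write_bytes(b"constructed sample spreadsheet")
        (root / "docs" / "letter.docx").write_bytes(b"constructed sample document")
        (root / "notes.txt").write_bytes(b"constructed sample note")
        snapshot = build_manifest(root)

        # Changes that happened after the snapshot: one file's contents were
        # replaced, one file disappeared, one unexpected file appeared.
        (root / "docs" / "invoice.xlsx").write_bytes(b"unreadable replacement content")
        (root / "notes.txt").unlink()
        (root / "docs" / "unexpected.tmp").write_bytes(b"constructed new file")

        return compare_manifests(snapshot, build_manifest(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Keeping the manifest itself on the backup media, away from the machine it describes, lets you check a restore point before trusting it, and a sudden burst of "modified" entries across a whole folder tree is a strong hint that the copy you are looking at was taken after the damage, not before it.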
A new version of the virus, referred to as Cryptolocker 2.0, was discovered at the end of 2013, though the original version is still in full force. Both versions asymmetrically encrypt files with particular file extensions and then request a ransom.
There are a few differences:
1. The earlier version uses RSA-2048, while 2.0 uses RSA-1024, although 2.0 claims to use RSA-4096.
2. 2.0 only accepts Bitcoin for the ransom payment. The previous version accepts Ukash, MoneyPak, cashU vouchers, or Bitcoin.
3. 2.0 was programmed in C#. The original Cryptolocker was programmed in Visual C++. This strongly suggests that the original programmers were not behind the new version.
4. The original Cryptolocker did not attack video and music files; 2.0 does.
Experts are uncertain whether the same programmers created the 2.0 version or whether it is merely a copycat, though most believe it was not created by the original programmers. There is one certainty: both can be detrimental to your files. Avoid opening email attachments unnecessarily, back up your files at regular intervals, learn good web-browsing habits, and run an effective and up-to-date anti-virus program.