Cryptolocker Ransomware – 10M UK Users targeted.Basic countermeasures

Pierluigi Paganini November 19, 2013

Cryptolocker is considered one of most insidious threat for Internet users, a recent spam campaign targeted 10M UK Users, let’s learn how fight it

Recently the UK’s National Crime Agency has issued an alert on a large spam campaign based on CryptoLocker ransomware that is targeting more than 10 million UK based email users. CryptoLocker malware is considered very insidious by users, it encrypts victim’s files and then demands a ransom money to restore access. CryptoLocker was first detected in the wild in September 2013, what makes CryptoLocker so insidious is the way it encrypts the victim’s data using a strong encryption method making impossible to access it without paying the ransom amount. If the victim doesn’t pay the ransom amount in 72 hours, CryptoLocker will delete the decryption key to decrypt all the files on your PC.

The UK’s National Crime Agency revealed that spam emails targeted mainly accounts belonging to banks and financial institutions, usually the message include a malicious attachments that appears like files such as an invoice, details of a suspicious transaction, a voicemail or a fax. Bitdefender Labs security firm observed that in the week beginning Oct. 27, more than 12,000 computers were infected.
The UK’s National Crime Agency announced that it is investigating on the origin of the spam campaign:
We are working in cooperation with industry and international partners to identify and bring to justice those responsible and reduce the risk to the public.” Lee Miles, Deputy Head of the NCCU says.
Once victims try to open the file the Cryptolocker malware infects the machine and will then display a countdown timer that demands the payment of 2 Bitcoins in ransom, worth around £536, for the decryption key.
CryptoLocker Ransomware
Victims are advised not to pay the ransom, event after the payment there is not assurance that files will be again available to the user.
Anyone whose computer is infected should report it to www.actionfraud.police.uk.
During these days I received many requests from readers to have indication on how to protect their machines from CryptoLocker ransomware.
The bad news is that there is no possibility to decrypt the files without the decryption key, brute force attacks are useless against 2048 bit encryption.
The prevention is essential, following some precious suggestions:
  • Avoid opening emails and attachments from unknown sources, especially zip or rar archive files.
  • Keep up-to-date defense systems, OS and applications.
  • Backup your data.
  • Windows 7 users should set up the System Restore points or, if you are using Windows 8, configure it to keep the file history.
  • If infected, make sure you have reformatted your hard drive to completely remove the CryptoLocker trojan before you attempt to re-install Windows and/or restore your files from a backup.
On the Internet it is possible to retrieve numerous tools to protect our system from CryptoLocker, HitmanPro.Alert  is one of the best free utility that can defend us from CryptoLocker ransomware. The application in fact contains a new feature, called CryptoGuard, able to detect and neutralize malicious activities.
Other valid tools are BitDefender Anti-CryptoBlocker, an application that can detect and block CryptoLocker ransomware encryption of the user’s data and  CryptoPrevent applies a number of settings to the Windows machine to prevent CryptoLocker from ever executing.
IPSs (Intrusion prevention systems) are also able to block Cryptolocker interfering with communication to remote command-and-control server used by the malware to retrieve the key to encrypt the files.
Let me close with a curious new that demonstrate that nose is secure … a local police department in Swansea, Massachusetts, has paid criminals to decrypt files locked up by the CryptoLocker ransomware on police computer systems, according to local press reports. The department paid $750 for the decryption key to retrieve its files, using Bitcoins as currency.

Pierluigi Paganini

(Security Affairs – Cryptolocker, Cybercrime)



you might also like

leave a comment