Tuesday, October 29, 2013

CryptoLocker, the new PC virus threat

This may seem a little bit of fear mongering, and it totally sounds like those old emails we used to get forwarded from grandparents, but this one is pretty serious and I felt the need to share it.

It's called CryptoLocker and it's essentially a virus that gets on your PC and then demands money to remove it. There's a great article about it on Ars Technica that explains it in more detail and includes screenshots. It was also discussed on this week's episode of TWiT (jump to about 30 minutes in to hear just that part).
 
Some important notes:
For now, this only affects Windows. If you're using ChromeOS or a Mac, you're safe. If you're using your phone or tablet, you're safe. Any files you have saved to Google Drive, Dropbox, Gmail, etc. are safe.


Some history on this threat:
This tactic is called ransomware and has actually been around for a LONG time. Have you ever seen those popups that have the FBI logo and say something like, "We found illegal files on your PC! Give us $100 and we won't tell the FBI"? Those are simply lying to your face in the hope that you give them money. One estimate said these guys make over $5 million a year from this.

This threat is simple spyware and can be easily removed with a spyware scan or even by taking your computer to GeekSquad or something. You can get rid of it, and none of your files are ever threatened.

The new threat:
CryptoLocker works very differently. If it gets installed, it uses ultra hard core encryption to lock files. It can encrypt anything it can find, including documents, pictures, and even files on USB drives or external hard drives.

If you're not familiar with how encryption works, here's the short version. Once encrypted, files can't be accessed without the key. If the key is lost, the files are forever gone. Nobody can ever get them unlocked, not you, not GeekSquad, not even the NSA.

So CryptoLocker uses this hard encryption to forever lock your files and then demands that you send them money in exchange for the key. Some reports are saying they're demanding as much as $300 and they only give you a few days to decide before deleting the key. Once that encryption key is deleted, your files are truly gone forever.

How you can get infected:
As with most threats, this one has to come from somewhere. You can't simply get it from visiting a weird webpage or from opening an email. As with all of this, you get it from allowing something to install itself on your computer. So email attachments are prime suspects, as are shady webpages that promise free music or movies. Anything you download and then open could contain this.

How to stay safe:
So the trick to staying safe is the same as it's always been: be super careful about what you do on the Internet. If you don't recognize an email, don't open the attachment. Even if you get an email from someone you know or from your bank or something, if there's an attachment it wants you to open, think twice.

Another important part is backing up. You've heard it before, I'm not telling you anything new here, but if you have any important files physically on your computer, please back them up somewhere OFF SITE. This threat can affect external drives, so simply moving your photos to an external hard drive isn't good enough. Even network attached storage drives are vulnerable to this.

Final thoughts:
This is a really new threat, so virus scanners haven't necessarily caught up with it. And even once they do, the bad guys will simply change the way they do things to get around it again.

My opinion is that this is going to be the new norm for threats. Somebody described this as "almost perfect terrorism" and I totally agree. This is scary stuff that can truly delete all of your files. And it's not just deleting, it's even creepier than that, because you know someone else has the key.

It's like having someone change the locks on your house while you're away and demanding you pay them for the new key or they'll burn it down. It actually feels violating to think about it happening.

So yeah, this seems like I'm recreating those fake virus scare emails from long ago, but this one is a lot more serious because there's no recourse. There's LITERALLY no other way to deal with this than to pay and hope they actually give you the key.

Stay safe out there, my friends.