cryptolocker Archives - Latest News from Backup Technology

Security experts have managed to offer a lifeline to those who have been affected by the Cryptolocker malware as they can now unencrypt your data for free.

An online portal called Decrypt Cryptolocker has been created by security firms Fox-IT and FireEye where the victims can get the encryption keys by submitting one of the encrypted files.

Greg Day, chief technology officer at FireEye stated, “All they have to do is submit a file that’s been encrypted from that we can figure out which encryption key was used.”

Greg Day also recommended that those who wish to utilise the portal to receive the keys should submit a file that doesn’t contain any confidential data.

Once the Cryptolocker malware was on a Windows machine/server, it would encrypt files and demand a payment to be made within 72 hours to receive the keys to unencrypt the data. If no payment was received within the window, the keys were destroyed, rendering the encrypted data useless. It is believed that the requested payments were in the region of $400, €400 or the equivalent in the virtual Bitcoin currency.

Security firms Fox-IT and FireEye were able to create the portal after security researched had managed to obtain a copy of Cryptolocker’s database of victims after police forces and security firms gained control of part of their network and grab data as it was being sent.

The FBI have also charged a Russian man, Evgeniy Bogachev, aka “lucky12345” and “slavik” who is accused of being the leader if the gang behind Gameover Zeus and Cryptolocker.

From analysis, it is thought that as little as 1.3% of all people who were affected by the Cryptolocker malware paid the ransom fee to get their data back. Despite such a low number of people paying, it thought that the gang managed to earn around $3 million.

It is thought that the percentage of those who paid was so low because they either managed to recover their data from backups or just accepted that they have lost the affected data and refused to pay.

A massive international anti-cyber crime initiative has recently made a breakthrough, with a wanted notice for Russian national Evgeniy Mikhailovich Bogachev issued by the US government. Bogachev is thought to be the mastermind behind two of the most recent (and most infamous) internet phishing schemes, commonly known as Gameover Zeus and the Cryptolocker virus.

GameoverZeus is a piece of malware that, when deployed on a victim’s computer, is able to target and extract login information for a range of applications ranging from social media and email accounts to online banking details. A different type of Zeus malware can also be used to install the ransomware Cryptolocker if the Zeus trojan is unable to find what it’s looking for.

As the Zeus group of malwares are trojans, and are therefore not designed to be found, Cryptolocker has become slightly more well known to users. Its function is to demand a ransom for certain files which have been infected by Cryptolocker. Affected users then face the dilemma of losing what is potentially an important file, or submitting to the ransom demands, with no real guarantee that they will get their file back anyway.

The US Department of Justice has officially issued charges against Bogachev, thought to be a ring leader of cyber-criminals, after the botnet that was operating the phishing scams was brought down. The effort was a collaboration between law enforcers from the US, as well as the UK and private security firms from around the world. The team was able to take control of the “Command and Control (C&C)” servers which had orchestrated the criminals’ operation.

However, the UK’s National Crime Agency (NCA) were quick to point out that this intervention is only temporary, as it would only be a matter of time before the criminals acquired new C&C servers from which they can run their operation. The NCA stressed to users the importance of ensuring that their computers were free of malware and protected against future infection.

The affect of the Zeus and Crytolocker malwares has been huge, and on a truly global scale. The scams can affect both home users and businesses and highlight the need to have the proper security measures in place.

Here at Backup Technology we have seen many of our customers affected by Cryptolocker in particular. Luckily, the files affected were securely backed up in our data centres, and so were retrievable. Had they not been backed up, the affected customers would have suffered the inconvenience, and potentially damaging affect of losing important files.

If you feel you are vulnerable to either Cryptolocker or the Zeus trojan, why not make an enquiry about our Cloud Backup and Disaster Recovery services. They could end up saving you a huge amount of stress and money should the worst happen!