Earlier this year, a nasty new type of ransomware burst onto the scene. Unlike others, however, this new one’s bite was every bit as bad as its bark. The Cryptolocker hijacker sniffs out your personal files and wraps them in strong encryption before it demands money.
You may remember reading about it back in January. Eight months on, it looks as though Cryptolocker isn’t showing any signs of letting up. In fact, there’s even a new variant making the rounds.
The original demanded payments of $100 to decrypt files. The new and improved version? $300. Clearly those in control of Cryptolocker realized that they weren’t taking full advantage of its criminal potential.
As IT administrators and repair pros struggle to undo the damage, some are finding that giving in to Cryptolocker is the only way out. Amazingly, paying the Cryptolocker ransom does actually initiate the decryption process.
So while it’s generally not considered a good idea to give in to the bad guys (how can you fully trust someone who thinks it’s OK to hold your files hostage?), those who have been infected and don’t have a good set of backups don’t have any other options yet.
At least the crooks behind Cryptolocker have some scruples. Often when ransom payments are demanded, the only thing that changes is the balance of the two bank accounts involved. There’s always the potential for reinfection, though, so even if you do get your files back after paying up, it’s best to reformat and start from scratch.
Researchers from a number of antivirus vendors are working on a way to undo the damage, but it’s not going to be easy. Decrypting Cryptolocker files requires access to both the public and private keys used to encrypt them. Until authorities get their hands on that second key, the NSA may be the only folks around that can reverse the process.
Read the article on Geek.com.