Protecting against CryptoLocker ransomware

AVG users should beware of the CryptoLocker virus that recently came to light in early September.

CryptoLocker is a version of ransom malware that spreads via phishing emails containing infected attachments. Once the attachment is opened an executable file infects the machine and holds it to ransom by encrypting files, which won’t be unencrypted until a cash demand is paid.

Typically, the user receives an email that purports to be from a well-respected government body, or well known brands, and claims to be related to a customer support issue, explained AVG’s chief technology officer Yuval Ben-Itzhak.

More recently, the virus is reportedly spreading via the well-known ZeuS botnet.

As soon as the attachment downloads it infects the computer, encrypting users’ files using asymmetric encryption, featuring a public and private key pair. The public key is used to encrypt and verify data, while the private key is used for decryption.

Once activated, the malware encrypts a variety of file types on compromised Windows PCs before delivering a ransom message asking for payment before a fixed deadline that usually falls within three or four days from activation date.

A clue to the legitimacy of the demand is that payment are requested in the form of anonymous prepaid cash services such as MoneyPak, Ukash, cashU or through the Bitcoin digital currency.

“By having an installed, active and up-to-date antivirus program on their PC, users can minimize the risk of infection,” said Yuval.

“Nevertheless, users should be wary of opening attachments from unsolicited emails even from well known organisations, such as government bodies.”