Holiday PSA: Don't let CryptoLocker be your family's Grinch this year
If you’re reading this, there’s a high probability you’re fairly technologically savvy. And with that comes the likelihood that you’re running an unofficial IT helpdesk for the rest of your family. So with the holiday season officially upon us, consider this a public service announcement and a plea for you to share some tried and true advice with the less sophisticated folks in your life: Don’t open strange email attachments, or click on unknown links or those from unknown senders.
Earth-shattering, it is not, but this advice could not be more timely. The Windows-using population is currently fighting one of the worst and most bedeviling malware outbreaks in recent memory. But it’s no longer a secret, so don’t let your family be caught off guard.
The CryptoLocker virus has infected an estimated 250,000 in its first 100 days (ending September 30), according to new research by Dell SecureWorks released last week. Victims find that all of the files and data on their machine, as well as on any connected drives or cloud lockers (Dropbox, et al.), are strongly encrypted using Microsoft's third-party certified CryptoAPI, and thus fully inaccessible. Equally bad, it renders the machine, and any others on a shared network, unusable until the encryption scheme is unlocked.
Unlike most malware, CryptoLocker isn’t the work of some punk hacker looking for “lolz,” nor is it an attempt to gain control of a user’s machine for use in a botnet or to steal personal information. Rather, it’s a ruthless and, as yet, unbreakable extortion scheme. Victims are instructed to pay a flat fee of approximately $300 worth of bitcoin within 72 hours in exchange for access to their files. Miss the deadline and the price increases tenfold.
To date, the person(s) behind CryptoLocker are believed to have collected several hundred million dollars in extortion payments as a result of this scheme. ZDNet author Violet Blue traced 41,928 BTC worth of payments to known CryptoLocker bitcoin wallet accounts between October 15 and December 18. At today’s bitcoin price of $626, that equates to more than $26 million over this two-month period. This figure excludes the possibility that many of these coins may have been liquidated closer to the crypto-currency’s all-time high of more than $1,200 reached in early December and is also limited to these known wallet addresses.
Perverse as this logic may be, the good news in this scenario is that the thieves have honored these ransom payments and victims have in fact regained access to their files. They have been equally consistent in keeping files encrypted when their targets fail to cooperate. This is simply good business, after all. If word got out that there is no use in paying to extract your data from CryptoLocker’s grasp, the money flow would screech to a halt and the jig would be up. But with ample evidence online of unlocks delivered as promised, and a painful yet broadly affordable price point, most victims choose to simply pay up and go on about their lives.
Despite attempts by many of the best in the security business, no one has managed to break CryptoLocker yet. And it doesn’t appear that law enforcement is anywhere close to identifying the shadowy figures behind this scheme. The closest anyone has come is to note that many of the IP addresses used by the remote servers controlling the malware are located in Russia and Eastern Europe. Most of the victims have been located in the United States and elsewhere in the English-speaking world.
Bitcoin’s semi-anonymous nature is no help. The perpetrators have used the Just-Dice casino and other mixing tactics to launder the virtual currency, and have become more sophisticated of late by dynamically generating a new bitcoin wallet address for each attack. In other words, the payment trail is as cold as the winter weather.
So coming back to our holiday season, please remind your family members to be cautious and skeptical with their downloads and clicks. They would also be wise to avoid the peer-to-peer game Gameover Zeus, which is a known attack vector. It’s unlikely that they will fully understand what CryptoLocker, encryption, bitcoin, or any number of other relevant concepts mean, but the details are irrelevant. The takeaway is that this is a real problem, and one that could cost them more than slow PC performance or a few days of downtime. The monetary stakes are real, even if the currency of choice is virtual.