Internet Pirates

Two nasty new malware strains, both ransomware, are currently terrorizing PCs and Macs. They have gained momentum since they were first reported early this year. Both are prolific, are becoming more sophisticated in their delivery, and demand a ransom from their victims. We think they’re the new-age version of pirates searching for prey on the Cyber Sea.

Internet Pirate #1: Crypto Locker

Crypto Locker is a sneaky piece of ransomware that makes its way onto a user’s computer via an email offering a free trial of something desirable, or simply posing as an email from a trusted service provider. The user clicks on the link, which begins the download to install the “freebie” or survey on their device. Crypto Locker then uses RSA-based encryption to lock files on the user’s computer, rendering them useless without a decryption key. Crypto Locker also creates a registry entry, so even after the computer is restarted it presents the same message and blocks the user from their files.

Users discover the Crypto Locker attack via a warning message boasting of the encryption and offering a decryption key for $300.

Experts say that the encryption is at a level that only the NSA could break (and you know they aren’t going to help you). That leaves infected users with two choices: pay up, or wipe the system clean and restore the files from a backup.

Two of our customers just this week were held hostage by the Crypto Locker. Because we maintain regular backups for them, we were able to get their systems back in business in short order. Others are not so lucky.

Some people attacked by the Crypto Locker actually choose to pay the ransom. Surprisingly, the decryption key does work after funds are delivered – although experts warn of future activations of the malware.

 

Internet Pirate #2: Reveton

Reveton behaves a little differently from Crypto Locker, but like its nasty cousin, it demands a ransom payment to undo the damage. However, Reveton doesn’t require someone to open a file or download anything. Reveton is labeled “drive-by” malware because it will install itself when you simply click on a compromised website. Users’ computers are locked down, and they are shown a message saying that their Internet address has been recorded by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having been involved in child pornography or other illegal activity. In order to remove the lock, victims must pay a “fine” via a prepaid money service.

Because the Reveton ransomware is a JavaScript snippet loop that locks up the browser, it can affect all browsers — even Chrome. And while Mac users generally are not affected by some of the more popular malware strains running rampant on the Internet, even they can fall prey to this scam. Mac users have been able to remove the snippet by clicking “Leave the page” 150 times, or by force-quitting Safari and restarting it while holding down the Shift key. Windows users have to reboot in safe mode and remove the ctfmon.lnk file. It’s always smart computing to run a security scan after a malware attack – and know that the next generation of ransomware will come quickly enough. It’s a safe bet that these relatively easy fixes may not last long.
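The Windows cleanup step above comes down to finding a shortcut that should not be running at logon. As an added example (not from the original article), this Python script lists every shortcut in the Windows Startup folders and flags ctfmon.lnk for review; the Startup-folder location, the seven-day recency window and the function names are assumptions made for the example.

```python
import hashlib
import os
from datetime import datetime, timezone
from pathlib import Path

# Shortcut name taken from the article; compared case-insensitively.
WATCHLIST = {"ctfmon.lnk"}


def default_startup_dirs():
    """Per-user and all-users Startup folders (assumed location of the shortcut)."""
    dirs = []
    for var in ("APPDATA", "PROGRAMDATA"):
        base = os.environ.get(var)
        if base:
            dirs.append(Path(base) / "Microsoft" / "Windows" / "Start Menu"
                        / "Programs" / "Startup")
    return dirs


def audit_startup(dirs=None, watchlist=WATCHLIST, recent_days=7, now=None):
    """List every .lnk in the Startup folders, flagging watchlisted or recent ones."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for folder in (default_startup_dirs() if dirs is None else dirs):
        folder = Path(folder)
        if not folder.is_dir():
            continue
        for entry in sorted(folder.iterdir()):
            if not entry.is_file() or entry.suffix.lower() != ".lnk":
                continue
            modified = datetime.fromtimestamp(entry.stat().st_mtime, timezone.utc)
            reasons = []
            if entry.name.lower() in watchlist:
                reasons.append("name on watchlist")
            if (now - modified).days < recent_days:
                reasons.append(f"modified within {recent_days} days")
            findings.append({
                "path": str(entry),
                "sha256": hashlib.sha256(entry.read_bytes()).hexdigest(),
                "modified": modified.isoformat(),
                "reasons": reasons,  # empty list means nothing stood out
            })
    return findings


if __name__ == "__main__":
    for f in audit_startup():
        status = "REVIEW" if f["reasons"] else "ok"
        print(f"[{status}] {f['path']} {f['sha256'][:16]} {', '.join(f['reasons'])}")
```

The script only reports; it leaves removal to the person doing the cleanup, and the SHA-256 gives them something to look up or record first.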

According to Symantec (producers of Norton Security Software), incidents of ransomware have increased over the past year. While cybercrime victims are fewer, the loss per victim has increased. The best way to protect your data from Internet Pirates is to have a secure backup in place so you can restore your business after they strike.