In recent years, "ransomware"-type blackmail malware has become more and more common. These programs provide straightforward revenue for cyber criminals. Typically, ransomware on an infected machine prevents the user from accessing the desktop and asks for payment in virtual money or by credit card transaction so that the situation can be rectified. So far, it has been possible to save the desktop and the files by removing the malicious software from the workstation like an ordinary virus, and most of the data has not been lost.
However, the situation is now changing. A good example of this is a next-generation blackmail program, Cryptolocker. That program works insidiously in the background of an infected machine and little by little encrypts the files on the hard drive, on shared network drives (where the logged-in user has access) and in linked cloud services (for example, Dropbox storage) with very strong encryption. In practice, that encryption is unbreakable. Once the files are encrypted, a blackmail message is sent to the user, who must pay within a specific time limit or all data will be lost. Even if the user agrees to pay, there is no guarantee that the encrypted files can be decrypted.
How to prepare for the worst? Regularly take a copy of your files on a USB stick, USB hard disk or DVD, and remove the backup media from the computer when the copying is complete.
How do these viruses infect the workstation? For example, the original Cryptolocker virus is an executable file that has to be installed on the workstation by running it. This can happen, among other ways, by opening a plausible-looking EXE attachment disguised as a PDF, which is mass-mailed, for example, in the name of the UPS courier company. Contaminated files of this type may also be offered on web pages. You can and should be careful with file name extensions! Do not open or run any e-mail attachments (or any other suspicious files) unless you can be absolutely sure about the sender and the attachment file.
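For mail administrators, the file name extension check described above can be automated. The following is an added example, not part of the original post: it parses a raw e-mail and flags attachments whose name or first bytes indicate an executable posing as a document. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email.message import EmailMessage

EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}         # assumed block list
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}  # assumed decoy list

def inspect_attachment(filename, payload):
    """Return reasons an attachment looks like an executable posing as a document."""
    reasons = []
    # Windows ignores trailing dots and spaces, so strip them before comparing.
    parts = filename.rstrip(". ").lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension")
        if len(parts) > 2 and parts[-2] in DOCUMENT_EXTS:
            reasons.append("document extension placed before the real one")
    # Windows executables begin with "MZ"; PDF files normally begin with "%PDF-".
    if payload[:2] == b"MZ":
        reasons.append("content is a Windows executable")
    elif ext == "pdf" and not payload.startswith(b"%PDF-"):
        reasons.append("named .pdf but content is not a PDF")
    return reasons

def scan_message(raw_bytes):
    """Map each attachment file name in a raw e-mail to its list of findings."""
    msg = email.message_from_bytes(raw_bytes)
    findings = {}
    for part in msg.walk():
        name = part.get_filename()
        if name:
            body = part.get_payload(decode=True) or b""
            findings[name] = inspect_attachment(name, body)
    return findings

def build_sample():
    """Constructed message: one ordinary PDF and one executable with a PDF-like name."""
    msg = EmailMessage()
    msg["From"] = "courier@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Your parcel"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="receipt.pdf")
    msg.add_attachment(b"MZ constructed stub", maintype="application",
                       subtype="octet-stream", filename="tracking.pdf.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", reasons or "nothing found")
```

Checking the first bytes as well as the name catches an executable that has simply been renamed to end in `.pdf`, which a name-only filter would pass.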
(This post was written by Oamk’s Security Officer.)