CryptoLocker- The Evolution of Extortion. The screen shot is an example of the CryptoLocker virus. It encrypts all of your documents, pictures, and everything else on your hard drive and holds it hostage. For a ransom, paid within an hour and averaging between say, $150 and $350, you get the key to decrypt your information and go back about your business, perhaps a little shorter of breath for it.
More CryptoLocker attacks are demanding payment in bitcoin, which complicates the problem because most of us don't (yet) have bitcoin wallets online. The one-hour deadline is daunting but most who try to make the transaction succeed in figuring it out. The New York Times recently wrote about CryptoLocker in this editorial:
Unfortunately, in most cases, the best outcome is had by paying the perpetrators to keep your data. They typically make good on the deal and you get your data back. They want you to know that when they return for more that they will play by the rules they set. Nobody gets hurt, and nobody wants to lose what in many cases is irreplaceable. CryptoLocker has successfully attacked small businesses, hospitals, even a police force and they know what they are doing. For the criminal hackers, the job pays like a slot machine on fire, paying them over and again in anonymous, portable and liquid currency. Ransomware is probably at the crest of a surging, perfect-storm wave, with a long ride of profitable, cyber-based crime well into the future. For more on the subject of the growth of cybercrime: Cyber-Crime: The Distant Threat That's Now at Our Doorstep. And, Understanding "The Cloud".
“The year 2014 may well go down in the history books as the year that extortion attacks went mainstream. Fueled largely by the emergence of the anonymous online currency Bitcoin, these shakedowns are blurring the lines between online and offline fraud, and giving novice computer users a crash course in modern-day cybercrime.”
Brian Krebs, Krebs on Security
Why Now?
The big hacks: Target, Home Depot, SONY, Anthem, they all have a common denominator: the hackers were after our individual information. Cyber crime used to be an institutional problem, but that's not where the money is.
Cybercrime has gone personal because it pays, it pays big, conveniently, and it beats any of the other hacks out there, including for organized crime cartels. CryptoLocker is a symptom of these mega-hacks. We are seeing the emergence of these attacks as an outcome of the vast amounts of stolen personal information being put to use for criminal profit. Hackers curate the data, sort and sift it with BigData software, and assemble pools of victims for large waves of attacks on the most vulnerable of Internet users: the individual, everyday person that engages with technology as a tool for a a busy and productive life. For more on why cyber crime is personal now: Anthem's Massive Data Breach - Cybercrime Has Become Personal.
Cyber-Self-Defense.
The Basics:
- Email - When in doubt, delete it. Look the email over. Who sent it? Does the email address look fishy? If something doesn't feel right, delete it. Whatever you do, don't click any of the links, just delete it.
- Browser Popups - Be suspicious of any popup, including when you are on FaceBook or any other social media site. If the popup catches your eye and you think you might be interested, go to another tab in your browser and search for it. This way you go directly to what you are interested in and avoid an infected link that is looking for you where they know you are.
- Antivirus Software - Even the best A/V software can't stop every virus, especially the new ones before they are discovered and solved for. Still, it's essential to use it, and there are solutions that are quite effective. We strongly recommend real-time antivirus services that monitor the web's activity and your computer or phone, and proactively updates and protects the device without the need for user input. You can read more about this here: 24x7 Continuous Online Security Monitoring.
The Essential:
- Awareness - Awareness, it's crucial now. As Apple chief Tim Cook said in his keynote at the Summit on Cybersecurity and Consumer Protection, in Palo Alto, California a couple of weeks ago, "We must get this right." Cyber risk is a big deal, and we must get this right on all levels including Federal and local governments, corporate, non-profit and individual.