THREAT OF THE MONTH: Cryptolocker

What is it?
Cryptolocker/Cryptowall is ransomware targeting Microsoft Windows devices. This trojan selectively encrypts your data. Once encrypted, your data is held for ransom by the attacker (who holds the key).

How does it work?
The trojan is commonly delivered through spear-phishing. Once installed, it contacts the attacker's infrastructure (C&C) to register and generate a new set of keys. The public key is then sent back to your device and the trojan starts looking for data to encrypt. You are then presented with the ransom note threatening to destroy the private key (which is in the attacker's possession) unless you pay.

Should I be worried?
Yes. This is a very profitable crime. If your data gets encrypted with the attacker's key, it is difficult to decrypt without the private key.

How can I prevent it?
Back up your data regularly. Watch out for spear-phishing. Use dynamic network blocking to prevent infections and to disrupt communications with the attacker's infrastructure.

– Mark Nunnikhoven, senior research scientist, OpenDNS