Mobile Commerce Insider Featured Article

July 16, 2014

U.S. Government Neutralizes CryptoLocker, but Battle against Ransomware Not Over

The U.S. Department of Justice (DOJ) recently filed a report with a Pennsylvania federal court stating that the infamous ransomware known as ‘CryptoLocker’ had been effectively neutralized. This accomplishment was made possible by an international effort of law enforcement agencies that disabled a botnet that facilitated the malware’s spread.

CryptoLocker and other ransomware work by seizing control of a computer’s basic functions. Users cannot run any other programs or switch between programs, whether with Windows’ Alt+Tab key combination or by launching Task Manager. The ransomware encrypts data files on the computer with RSA public-key encryption and demands payment of a ransom from the user, typically within a time limit of three to four days.

These files supposedly remain encrypted until the ransom is paid, but payment does not guarantee decryption. Payment is made through untraceable methods like Bitcoin or certain cash cards. If the time limit expires without the ransom being paid, the ransomware terminates and the affected files remain permanently encrypted. Infection occurs through emails that use social engineering to entice recipients to open an attachment containing the malware.

The key to neutralizing CryptoLocker was to undermine the command-and-control capability of a botnet known as Gameover Zeus, which operated as a network of infected computers. An FBI estimate claimed that the malware was responsible for losses of more than $100 million. Evgeniy Mikhailovich Bogachev, a Russian national, is the alleged ringleader behind CryptoLocker and is currently wanted by the FBI.

Prevention is the best defense against ransomware like CryptoLocker. Users should back up important data regularly and avoid opening email attachments from an unknown source. Those who have been infected with this malware can follow instructions provided by the U.S. Department of Homeland Security. It is also important to remember that although CryptoLocker has been disabled, hackers will continue to develop more sophisticated attacks in the future. 






