New malware hijacks your computer, encrypts files

Posted by: Phineas on December 20, 2013 at 12:58 pm

“Shouldn’t have opened that email”

This one’s insidious and perfectly timed for the holidays: a malware bomb disguised as an innocent-looking package tracking email:

It’s called cryptolocker ransomware.

Kevin Swindon is with the FBI in Boston.

“I would think about this particular type of malware as what would happen if your computer was destroyed,” Swindon said.

In the past 90 days, thousands of people worldwide have opened a seemingly innocuous link to track a holiday package. Suddenly, all the files on their computer are encrypted.

Joan Goodchild is the editor of “CSO,” Chief Security Officer magazine based in Framingham.

“This is a criminal operation. They are holding your folders and files ransom. We call this ransomware because that is exactly what it is. You need to pay in order to have access to them once again.”

And that’s what the Swansea police department did, paying $750 to unlock their computers. One wonders what happened to the poor schlimazl who first opened that email.

This is also a timely reminder to be careful about what emails you open. I’m sure almost anyone reading this has received “phishing” messages, fakes that look like they’re from real companies, but really want you to log into their fake web site so they can steal your ID and password. Some of them are so badly done they’re funny; others are pretty slick pieces of work. This is more vicious, hijacking your system and extorting ransom to get it back.

Take my advice: if you receive email from a company where you have an account (such as Amazon, eBay, PayPal, &c…) that looks at all suspicious, don’t open it; instead, forward it to their security address. They’ll let you know if it’s real or not, and they’re very interested in tracking down fraudsters.

To borrow a line from Hill Street Blues, “Let’s be careful out there.”

(Crossposted at Public Secrets)

5 Responses to “New malware hijacks your computer, encrypts files”

Comments

  1. Sefton says:

    Case in point regarding emails from “Amazon” – my mom has an iMac and is getting phishing emails from a supposed Amazon order tracker. It contains the typical “business-like” text in the email but it also asks you to click on a .zip file to track your order.
    She’s gotten a few of these and my dad got at least one.
    DO NOT CLICK ON ANY ATTACHMENT WITHIN AN EMAIL if it’s from one of these supposed shopping sites, or anyone else you aren’t familiar with.

  2. Xavier says:

    CryptoPrevent is available for free at http://www.foolishit.com/vb6-projects/cryptoprevent/

    It’s updated as Cryptolocker evolves. You’ll need to check the site regularly for new versions, or shell out $20 for the premium version that automatically updates.

    CryptoPrevent is also available at MajorGeeks.com but their site search engine doesn’t work very well – just select Anti-Virus on the left hand menu and scroll through the alphabetic list until you find it.

    CryptoPrevent isn’t a substitute for common sense – heed the warning comments others have made above. ;)

  3. Drew the Infidel says:

    I got the PayPal come-on but Norton security software blocked it and warned not to access it so I just deleted it and life goes on.

    I also do not answer phone calls with blocked or unfamiliar numbers. I’ve met all the damn people I want to meet.

  4. steveegg says:

    I see the original version of this is back with a vengeance. Last year, I had to clean my dad’s computer of the non-encrypting version of this.

    There is a reason why I do not let my e-mail client auto-open images.

  5. Now they have tried texting me. This is even more suspicious since I have never used PayPal in my life. Whoever invented “delete” and “mute” buttons has my undying gratitude.

    Q: What do you call a female Grinch?
    A: Gritch.