CryptoLocker main window image. (Wikimedia)
Federal statute calls for agencies to keep meticulous records: functions, policies, decisions, procedures, essential transactions, and the list goes on. An emerging piece of malware could make it difficult, if not impossible, to comply.
CryptoLocker will hijack a computer and encrypt all its contents, making past and present work unreachable. The cyber thugs will then offer to sell a key that will decrypt the files. Typically they’ll give the victim 72 hours to send about $300.
For agencies charged by law with maintaining good records, this is a particularly nasty piece of malware.
“The idea of ransoming someone’s data for money is not necessarily new,” said Jeffrey Gennari, senior malware analyst, CERT Division at the Software Engineering Institute of Carnegie Mellon University. “What’s different here is that the encryption used is very strong.”
Incidents of CryptoLocker have been reported steadily since it reared its head last fall. Dell SecureWorks CTU says 200,000 to 250,000 victims had been hit by mid-December.
The program can find its way in directly, for example through a song download or a malicious email attachment, said Chris Kanich, assistant professor of computer science at the University of Illinois at Chicago. Or it can be picked up by visiting an infected web site.
Either way, an affected user has few options. Because of the program’s extremely sophisticated encryption, “there is no way for a forensic analyst to go in and find that key,” Kanich said. Nor will the IT experts likely be able to decrypt the data without the key.
Yet paying up seems unpalatable. “If you send $300, you are pretty much trusting that the guys who are ransoming your data in the first place are going to do the right thing and not just walk away with your data,” Gennari said.
At this point it’s not known how many have paid, Gennari said, or whether the kidnappers have made good on their promise to set the data free.