Yeah… Speaking of malware…
With all of the email problems I’ve been having over the past month or so, I’ve had my hands full. I’m nearly certain that I’ve got some kind of malware. Removing it has been a real chore, but at least I don’t have any ransomware. Yeah. That would really suck.
Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay a ransom through an online payment system in order to regain access to their data or system. Some ransomware encrypts files. Other ransomware blocks communications.
No matter which way you look at it, you don’t have access to your data. Depending on how valuable that data is to you or to your organization, that can be a problem.
One of the most popular pieces of ransomware is CryptoWall or CryptoLocker – same thing. CryptoWall is a Microsoft Windows-based Trojan horse. A computer that is infected with this virus has its hard drive encrypted, with the RSA decryption key held by a third party.
When infected, the virus payload installs itself in the user’s profile folder and then adds a key to the registry that causes it to run on startup. It then attempts to contact one of several designated command servers, where it requests a 2048-bit RSA key pair. The command server keeps the private key and sends only the public key to the infected computer.
The virus then encrypts the user’s files across all local and mapped network drives with the public key and logs each encrypted file in a registry key. The process only affects files with specific extensions – usually those belonging to Microsoft Office, OpenDocument, JPEG, GIF, BMP, etc.
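As an added defender-side check (not code from the original post), this PowerShell snippet enumerates the standard Run/RunOnce registry keys and flags any autorun entry whose executable lives inside the current user’s profile folders, which is the persistence pattern described above. The Run key paths are the standard Windows ones; the profile-root list and the Get-SuspiciousAutoruns function name are my own, and the script is read-only (it reports, it removes nothing).

```powershell
# Added example: report startup entries that launch from a user profile folder.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Profile-folder roots (assumed list) that machine-wide installers rarely use for autoruns.
$profileRoots = @($env:USERPROFILE, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Get-SuspiciousAutoruns {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata PowerShell adds to the object.
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value
            # Expand %VARS% and pull the executable path out of the command line.
            $expanded = [Environment]::ExpandEnvironmentVariables($cmd).Trim()
            if ($expanded -match '^"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($expanded -split '\s+')[0] }
            $exeLower = $exe.ToLowerInvariant()
            $inProfile = $profileRoots | Where-Object { $exeLower.StartsWith($_) }
            if ($inProfile) {
                [PSCustomObject]@{
                    Key     = $key
                    Name    = $p.Name
                    Command = $cmd
                    Exists  = Test-Path -LiteralPath $exe   # missing binary is itself worth noting
                }
            }
        }
    }
}

Get-SuspiciousAutoruns | Format-Table -AutoSize
```

Run it in the affected user’s session, since HKCU only reflects the currently logged-on user; a hit is a lead to investigate, not proof of infection, because some legitimate per-user installers also start from %APPDATA%.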
Once encrypted, the virus then displays a ransom message that includes a countdown clock. The message demands a ransom of $400 USD or €400, paid in the form of a pre-paid cash voucher – like a MoneyPak – or an equivalent amount of Bitcoin. If the ransom isn’t paid within the specified timeframe, the decryption key gets deleted, and then there’s no way to decrypt your data. Once paid, the user is able to download a decryption program, preloaded with the decryption key, that unlocks the files.
However, some victims have claimed that even though they have paid the ransom, their files were not decrypted.
Now, there are four ways to deal with CryptoWall/CryptoLocker once you get it. Some of them are easy, others are not. Let’s run them down so you know what the options are.
- Pay the Ransom
- Restore from a Non-Infected Backup
- Use an Appropriate Mitigation Method
- Call it Quits and Restart from Scratch