443-992-7394

Malware to Watch Out for: Cryptolocker

Keeping your network, computer and data safe is everyone’s biggest concern. Unfortunately, there are hackers out there on the internet trying to gain access to your private data. In an attempt to gain access to your sensitive files, hackers will create malicious software that can destroy your files and wreak havoc on your computer. Cryptolocker is one such piece of software. Below is some information about what it does:

  1. The software is typically contracted through email phishing. The emails masquerade as something from someone you trust, and get you to click a link and run the software.
  2. The software downloads, and connects back to one of a whole bunch of servers that are on-again-off-again, which makes them harder to find and disable. When the software connects, an encryption key pair is created (public key/private key).
  3. The software then downloads the public key to your machine, and uses it to encrypt every document file (e.g. .doc, .docx, .xls, .xlsx, .txt, etc.) it can find on your hard drive, and on any other drive it can find connected to your machine (i.e. network drives). The encryption uses an RSA 2048-bit cipher, making it impossible to decrypt without the private key. (That’s how this type of encryption works: one key encrypts, the other decrypts.)
  4. When it finishes encrypting everything it can find, it brings up a window that instructs you to pay the money. (In this case, it shows $100. In others, it could be $300 or more.) It also starts a timer. If you don’t pay the ransom by the time the timer runs out, the private key is deleted, and your data will never be accessible again.
  5. Once the data is encrypted, I want to reiterate that there is no way out of it! You will pay, or you will lose your data. The only alternative is to clean off the machine and restore everything from backup… if you have one.
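As an added example (not part of the original article), the Python sketch below shows a defender-side check for the effect described in step 3: it walks a folder and flags document files whose contents no longer look like documents. The function names, the 7.0 bits-per-byte threshold and the sample files are assumptions made for illustration, and only the extensions named in step 3 are covered.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading bytes expected for the document types named in step 3.
OLE2 = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc / .xls container
ZIP = b"PK\x03\x04"                       # .docx / .xlsx are ZIP archives
MAGIC = {".doc": OLE2, ".xls": OLE2, ".docx": ZIP, ".xlsx": ZIP}
ENTROPY_LIMIT = 7.0  # assumed threshold in bits per byte; tune per environment

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 mean the bytes look random."""
    total = len(data)
    # "+ 0.0" normalises the empty and single-symbol cases to plain 0.0.
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values()) + 0.0

def looks_encrypted(path: str, sample_size: int = 4096) -> bool:
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if ext in MAGIC:  # a document that lost its container header is suspect
        return not head.startswith(MAGIC[ext])
    if ext == ".txt":  # plain text has no header, so fall back to entropy
        return len(head) >= 256 and shannon_entropy(head) > ENTROPY_LIMIT
    return False  # extension not covered by this check

def scan(root: str) -> list:
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                if looks_encrypted(full):
                    hits.append(os.path.relpath(full, root))
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
    return sorted(hits)

def build_sample_tree(root: str) -> None:
    # Constructed sample data: "noise" is a deterministic stand-in for ciphertext.
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
    samples = {"report.docx": ZIP + b"\x14\x00" * 100, "budget.xlsx": noise,
               "notes.txt": b"meeting notes for the quarterly review\n" * 20,
               "readme.txt": noise}
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

A hit only tells you that a file needs a closer look and a comparison against its backup copy; it does not recover anything.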

The important thing to know is that you should always be suspicious about clicking strange links, especially if they want you to run a program of some sort. And always make sure your data is encrypted to help keep it safe.

If you have any questions, please contact Working Nets by calling (443) 992-7394 or visit WorkingNets.com today!
