Ransomware - What, How and Why.

In the aftermath of Cryptolocker and Gameover Zeus, is the threat of ransomware still significant? How does ransomware work? And can ransomware be prevented, or even removed from the internet altogether?

The fight against ransomware, and against malware in general, is always an uphill struggle. A typical anti-virus product can only block threats it already recognises, such as the infamous Cryptolocker; a new or modified strain gets through until the vendor has seen it and shipped a signature, so signature scanning needs to be complemented by offline backups and behaviour-based detection.


What Is Cryptolocker?


Allegedly created by the Russian hacker Evgeniy Bogachev, also known as "lucky12345" and "slavik", Cryptolocker was a trojan: malware that arrives disguised as something the user wants. Malware commonly gets onto a system through pirated media and fake advertisements, and Cryptolocker was also spread as an e-mail attachment, which remains one of the most common infection routes today. Such an attachment can look like anything, such as a PDF, a Word document or a PowerPoint deck; however harmless it appears, it can carry code with malicious intent. Because Cryptolocker was a trojan, the victim received a file (a pirated film, say, or an e-mail attachment), opened it themselves believing it to be safe, and so infected their own machine. Cryptolocker then behaved as ransomware. The most effective ransomware encrypts the victim's personal files and adds itself to the Windows registry so that it runs again after every reboot. Cryptolocker did both, and it also ran two processes: one doing the actual work, and a second whose job was to restart the first if the user tried to close it.
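Because a signature-based scanner only catches samples it already knows, it helps to look at what ransomware does rather than what it is: it rewrites large numbers of user files as ciphertext, which is statistically indistinguishable from random bytes, and drops a ransom note. The script below is an added example written for this post; it is not code from the original article or from any anti-virus product. The file contents are constructed in memory so it runs offline, and the extension name, marker phrases and thresholds are illustrative assumptions rather than values taken from a real sample.

```python
"""
Behaviour-based check for ransomware activity (added example, not from the post).

Idea: ordinary documents have low byte entropy (text, office files), whereas
encrypted files look random (close to 8 bits per byte). A burst of such files,
especially alongside a ransom note, is a strong signal regardless of whether
the malware has a known signature.
"""
import math
import os
from collections import Counter

# Illustrative thresholds (assumptions, tune for your environment).
HIGH_ENTROPY = 7.5          # bits per byte; plain documents are usually well below this
MIN_SUSPECT_FILES = 5       # how many encrypted-looking files before we alert
NOTE_MARKERS = ("your files have been encrypted", "private key", "decrypt")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_ransom_note(data: bytes) -> bool:
    """Cheap text heuristic: does the file contain typical ransom-note phrases?"""
    text = data.decode("utf-8", errors="ignore").lower()
    return any(marker in text for marker in NOTE_MARKERS)


def scan(files: dict) -> dict:
    """
    files maps path -> bytes (a snapshot of a user directory).
    Returns the encrypted-looking files, any ransom notes, and an overall verdict.
    Files shorter than 256 bytes are skipped: entropy estimates on tiny inputs are noisy.
    """
    encrypted, notes = [], []
    for path, data in files.items():
        if looks_like_ransom_note(data):
            notes.append(path)
        elif len(data) >= 256 and shannon_entropy(data) >= HIGH_ENTROPY:
            encrypted.append(path)
    alert = len(encrypted) >= MIN_SUSPECT_FILES or (bool(notes) and bool(encrypted))
    return {"encrypted": sorted(encrypted), "notes": sorted(notes), "alert": bool(alert)}


def build_sample_snapshot() -> dict:
    """Constructed sample data: some ordinary documents plus the after-image of an infection."""
    report = b"Quarterly sales report. Revenue grew 4% year on year; costs were flat.\n" * 20
    clean = {f"docs/report_{i}.txt": report for i in range(3)}
    # Random bytes stand in for ciphertext; '.encrypted' is an assumed extension.
    infected = {f"docs/photo_{i}.jpg.encrypted": os.urandom(2048) for i in range(6)}
    infected["docs/DECRYPT_INSTRUCTIONS.txt"] = (
        b"Your files have been encrypted. You have 72 hours to pay for the private key.\n"
    )
    return {**clean, **infected}


if __name__ == "__main__":
    print(scan(build_sample_snapshot()))
```

The obvious caveat is that legitimately compressed formats (zip, jpeg, mp4) are also high-entropy, so a production version should compare each file's entropy with its previous content rather than judging a single snapshot, and should weigh the rate of change, the extension rewrite and the note together rather than relying on entropy alone.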


What Would Cryptolocker Do?



This is what happened if Cryptolocker infected your system. You booted the computer as normal and, on reaching the desktop, were shown a countdown timer and a message. The message stated that you had 72 hours to pay a certain sum to receive the key that would decrypt your personal files and make them accessible again. The program showed the price in several currencies, including Bitcoin; it was usually around 300 to 600 euros, and often slightly less when paid in Bitcoin. Bitcoin is a digital currency widely used for buying and selling online without a bank in the middle. Extortionists favour it because no bank can freeze or reverse the payment and a Bitcoin address is not tied to a named account holder, although every transaction is recorded on the public blockchain, so it is pseudonymous rather than truly untraceable. The timer showed how long remained before the program destroyed the private key, after which the files could never be unlocked. Attempts to close the program or to enter incorrect payment details were met with a warning that the remaining time would be halved. Paying the ransom bought the private key, with which the victim could decrypt their files and get them back as they were before the infection. If the ransom was not paid before the 72 hours ran out, the files stayed encrypted and, in practice, unusable: they were locked with a key held only on the attackers' servers, so there was no way to recover them locally.


Luckily The Threat From Cryptolocker Is Not That Great Anymore


In 2014 law enforcement, working with security firms, took down the network that controlled both Cryptolocker and the banking malware Gameover Zeus (the takedown was announced in June 2014, and a free decryption service built on the recovered keys followed that August). The gang had kept a backup copy of their victim database, hoping it would never reach police hands in the event of an arrest: they could purge the primary database, leaving police without evidence, and then restore from the backup and carry on. What they had not anticipated was that security firms and police investigators had already gained access to part of their network before the backup was created. This allowed police to gradually narrow down the possible locations of the network's servers, and it gave the security firms the victim list together with each victim's private key. Eventually there was enough evidence to bring charges and seize the infrastructure, and the recovered keys were released so that victims could decrypt their files for free.


BBC News Cryptolocker Article


At Bongo IT, we know that technology is increasingly dominant and crucial to maintaining business performance and productivity.