Security writer Brian Krebs has called it a “diabolical twist on an old scam.” It’s a classic phishing attack, except the malware is sophisticated in getting past antivirus programs, infecting computers via several surreptitious steps: after victims get the first spam email, the attachment that a victim opens downloads a separate application, which downloads malware that finally downloads Cryptolocker, according to Uttang Dawda of security software firm FireEye, who has been studying the malware over the last month.ĭawda says that tens of thousands computers have been affected and that the perpetrators, who appear to be in Russia based on domain name tracing, are likely bringing in millions of dollars in ransom payments. The malware that infected David's company was confined to one PC because it was not networked, and took out .doc. If files are shared on a network, the malware can spread to other machines too, or USB thumb drives connected to the infected computer. The emails are targeting small businesses, and the malware goes after Windows files (70 different ones) such as PowerPoint and Excel files. Cryptolocker has been spreading via what looks like legitimate business e-mails, fake FedEx and UPS tracking notices, or phony correspondence from banks and other financial institutions. None of his colleagues would own up to opening the fake, e-mailed attachment that let the malware run loose.
"I didn't even think about the payment method because I felt so angry that criminals would benefit from that." He ended up getting rid of the malware by rolling Windows XP to a previous restore point to eliminate the malware, which of course didn't restore the encrypted files. The files were not not vital and the company could afford to lose them, but it was “a bit of a blow to my pride,” David says. In the end, Cryptolocker did exactly as it threatened, leaving everything encrypted and the key deleted. When he checked his antivirus logs afterwards, he could see when the malware had entered, but there had been no quarantining action and it was left to spread. “I couldn't understand how the trojan got in and why the antivirus didn't stop it,” David says.
0 kommentar(er)
