Beware the PDF.EXE extension

A new piece of malware infects a computer and locks its files until a ransom is paid.

Johannesburg-based Dial-a-Nerd MD Roberto Caprio said CryptoLocker is the most dangerous programme in a range of malicious software known as ransomware.

“Cyber criminals literally hold your computer for ransom, demanding payment for the safe return of your information,” said Caprio.

He said the authors of the software – aimed at all versions of Windows, including XP, Vista, 7 and 8 – have gone to great lengths to make it effective, “bringing out new versions, keeping up with changes in protection technology and targeting a variety of people over a lengthy period.” He said the quickest way the malware reaches victims is via e-mail spam. Caprio said the e-mail carries an .EXE attachment given a double extension such as “PDF.EXE” so that it passes for a PDF file; when opened, it infects the computer.

“Once downloaded, it will encrypt files and display a CryptoLocker payment programme on screen, which demands a ransom of a certain value be paid in order to decrypt the files.

“A timer will also be displayed stating how much time is left to complete the payment. Once payment is received, the files will be decrypted,” explained Caprio, adding that this was not 100% guaranteed.

He said newer attacks seem to be via Facebook in the form of video downloads, where the viewer is asked to download an application to run the video. “This application, in all likelihood, is some form of malware, with the worst case scenario being CryptoLocker,” he said.

Caprio said the virus can only be decoded using a decryption key, which is held by the author. There are no known decryption tools to clear it and the time limit was the biggest hurdle, “as brute-forcing the decryption key is not realistic due to the length of time required to break the key”.

He said at this stage prevention was the only solution.

“We cannot stress enough the importance of backing up your data; installing a reputable security protection programme; enabling your PC’s ability to see an attachment’s full file extension; and always updating software,” he said.
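The disguise described above (an executable named something like `Invoice.PDF.EXE`, which Explorer shows as `Invoice.PDF` when “Hide extensions for known file types” is on) and the advice to look at the full extension can be turned into a simple attachment check. The following is an added example written for this page, not code from the article or from Dial-a-Nerd. It generalises the single PDF.EXE case: it flags any document-looking name that ends in an executable extension, and it also compares the file body with what the name claims, since a PDF starts with the bytes `%PDF-` and a Windows executable starts with `MZ`. The extension lists are an assumption (a practical, not exhaustive, set), and the sample attachments at the bottom are constructed inline so the script runs offline.

```python
# Added example: flag e-mail attachments that hide an executable behind a
# document-style name, and attachments whose content does not match their name.

# Assumption: extensions Windows will execute on double-click (not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Assumption: extensions an attacker stacks in front of the real one as a disguise.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

# Leading bytes ("magic") of the file types we can check.
MAGIC = {
    "pdf": b"%PDF-",  # every PDF begins with this header
    "exe": b"MZ",     # DOS/PE executables begin with this header
}


def extensions(filename):
    """All lower-cased extensions, e.g. 'Invoice.PDF.exe' -> ['pdf', 'exe']."""
    parts = filename.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def displayed_name(filename):
    """What Explorer shows with 'Hide extensions for known file types' enabled:
    the final extension is dropped, so 'Invoice.pdf.exe' appears as 'Invoice.pdf'."""
    return filename.rsplit(".", 1)[0] if "." in filename else filename


def classify(filename, content):
    """Return a list of findings for one attachment; an empty list means no finding."""
    findings = []
    exts = extensions(filename)
    if not exts:
        return findings  # no extension at all: nothing to judge by name
    real = exts[-1]  # the extension Windows actually acts on

    if real in EXECUTABLE_EXTS:
        findings.append(f"real extension .{real} is executable")
        if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
            findings.append(
                f"double extension: shown as '{displayed_name(filename)}' "
                "when extensions are hidden"
            )

    # Content check: does the body match the type the name claims?
    if real in MAGIC and not content.startswith(MAGIC[real]):
        findings.append(f"content does not match claimed .{real}")
    if content.startswith(MAGIC["exe"]) and real not in EXECUTABLE_EXTS:
        findings.append(f"content is a Windows PE executable but name claims .{real}")
    return findings


def scan(attachments):
    """Classify a mapping of filename -> bytes; returns only the suspicious ones."""
    return {name: classify(name, body) for name, body in attachments.items()
            if classify(name, body)}


# Constructed sample attachments (not real malware): a genuine PDF, the
# PDF.EXE disguise from the article, a PDF-named file carrying an executable
# header, and a harmless text file.
SAMPLE_ATTACHMENTS = {
    "Invoice_2013.pdf": b"%PDF-1.4\n%constructed sample\n",
    "Invoice_2013.PDF.EXE": b"MZ\x90\x00" + b"\x00" * 60,
    "statement.pdf": b"MZ\x90\x00" + b"\x00" * 60,
    "notes.txt": b"hello",
}

if __name__ == "__main__":
    for name, findings in scan(SAMPLE_ATTACHMENTS).items():
        print(name)
        for f in findings:
            print("   -", f)
```

Running the script lists `Invoice_2013.PDF.EXE` (executable, double extension) and `statement.pdf` (PDF name, executable content) and stays silent on the two genuine files. The Explorer behaviour that `displayed_name` models is controlled by the `HideFileExt` value under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced`; setting it to 0 makes the full `.PDF.EXE` visible, which is the check the article recommends.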