The latest versions of ransomware (CryptoLocker and CryptoWall) are not typical malware that aims to destroy or steal your personal documents. Instead, the malware restricts access to the infected files: it encrypts certain types of files stored on local and mounted network drives (changing the file extension as well) using RSA public-key cryptography, with the private key stored only on the malware's control servers. Once the infection is complete, a message appears offering to decrypt the data if a payment (by either pre-paid card or bitcoin) is made by a stated deadline, and threatening to delete the private key if the deadline passes. If the deadline is not met, the malware offers to decrypt the data via an online service provided by the malware's operators, for a significantly higher price in bitcoin. For that reason, ransomware is considered "scareware".
Researchers considered CryptoLocker infeasible to break.
The philosophy of ransomware is to “force” all users who have been infected to pay the hackers in order to unlock their files. Important data such as photos, Word documents, Excel documents and PDF documents are susceptible to CryptoLocker, and the only way to ensure data integrity and protect your data from CryptoLocker is to back up everything to an external source. As the cryptography cannot be broken and is not reversible, the only way to regain control of your data is to pay the only trusted source that can remove the cryptography from your files: the creators of that malware.
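
The backup recommended above can also serve detection. The following is an added example, not part of the original article: it compares a folder against a hash manifest taken at backup time and flags files whose content changed, possibly under a new extension, into near-random data. The 7.5 bits-per-byte cut-off, the function names and the `.locked` extension in the constructed sample are assumptions of this example.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits/byte; assumed cut-off, encrypted data sits near 8.0

def digest(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def entropy(path, sample=65536):
    """Shannon entropy (bits per byte) of the first `sample` bytes of a file."""
    with open(path, "rb") as fh:
        data = fh.read(sample)
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def snapshot(root):
    """Relative path -> SHA-256 for every file under root (taken at backup time)."""
    return {os.path.relpath(os.path.join(d, f), root): digest(os.path.join(d, f))
            for d, _, files in os.walk(root) for f in files}

def suspects(root, manifest):
    """Files from the backup manifest that now look encrypted, as (old, new) pairs."""
    now = snapshot(root)
    found = []
    for old, old_hash in manifest.items():
        stem = os.path.splitext(old)[0]
        # Same path with new content, or a vanished file with a new/appended extension.
        candidates = [p for p in now if now[p] != old_hash and
                      (p == old or (old not in now and
                       (p.startswith(old + ".") or os.path.splitext(p)[0] == stem)))]
        found += [(old, p) for p in candidates
                  if entropy(os.path.join(root, p)) > ENTROPY_LIMIT]
    return sorted(found)

def demo():
    """Constructed sample: one file replaced by random bytes under a new extension."""
    with tempfile.TemporaryDirectory() as root:
        for name, text in (("report.txt", "quarterly figures\n"), ("notes.txt", "todo\n")):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text * 200)
        manifest = snapshot(root)
        os.remove(os.path.join(root, "report.txt"))
        with open(os.path.join(root, "report.txt.locked"), "wb") as fh:
            fh.write(os.urandom(4096))   # stands in for ciphertext
        with open(os.path.join(root, "notes.txt"), "a") as fh:
            fh.write("ordinary edit\n")  # legitimate change, low entropy
        return suspects(root, manifest)
```

High entropy is a signal rather than proof, since compressed formats such as ZIP or JPEG also score close to 8 bits per byte; the manifest comparison narrows the check to files that actually changed since the backup.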
“Trusted” Source
It is very simple: they want to force infected users to pay the amount, but at the same time they want all users to know that they will recover 100% of their data. From the beginning, that was the philosophy of ransomware. On the other hand, paying the ransom demand only encourages even more crypto-ransomware campaigns.
The cybercriminals behind ransomware do not particularly care who their victims are, as long as they are willing to pay the ransom.
Notable examples
- In 2012, a major ransomware trojan known as Reveton began to spread.
- Encrypting ransomware reappeared in September 2013 with a trojan known as CryptoLocker.
- In September 2014, a wave of ransomware trojans surfaced that first targeted users in Australia, under the names CryptoWall and CryptoLocker (which is, as with CryptoLocker 2.0, unrelated to the original CryptoLocker).
- Another major ransomware trojan targeting Windows, Cryptowall, first appeared in 2014.