01 December 2013

CryptoLocker malware is “significant”, finding its way to Australia: Experts

Just when it seemed 2013 might end without any major security attacks, the CryptoLocker malware has surfaced and begun creating havoc.

The virus acts as “ramsonware”- it takes computer files hostage and demands a ransom under the threat of erasing the data. 

McAfee APAC chief technology officer, Sean Duca, said CryptoLocker typically infiltrates a system though a PDF attachment emailed by cyber criminals.

“If you open the attachment, it installs malware on your hard drive that lets hackers access your computer files,” he said. 

“The files are then encrypted and you're unable to access them.”

The malware has already infected systems overseas, but Trend Micro ANZ software architecture director, Jonathan Oliver, said the global nature of the Internet means that it is finding its way locally as well.

“These attacks are very widespread globally, and this is impacting Australians,” he said.

No way out

From the analysis McAfee has done so far, a pattern in the cyber criminals’ behaviour has been detected.
“Once infected, the cyber criminals will contact the organisation or individual within two days, seeking payment,” Duca said.

“If they don’t pay up, their documents will be deleted.” 

During the blackmail phase, the cybercriminals will demand payment not in cash or credit, but with a virtual currency called Bitcoin. 

While many malware in the past have taken the stealth route and attempted to remain in a system anonymously, Trend Micro’s Oliver said it is “quite obvious” when you are infected with CryptoLocker.

“What makes this malware significant compared to other attacks is that the impact on victims is significant,” he said.

Unlike other malware in the past, McAfee’s Duca points out that CryptoLocker comes with an added malicious angle.

“Even when you remove it, it does not restore the files,” he said. 

One step ahead

While regular consumers are a target for CryptoLocker, McAfee’s Duca warns that any organisation could be targeted. 

“Businesses are particularly vulnerable to this attack because many haven’t adequately protected file-sharing between employees,” he said.

“If this is targeted to a user with higher privileges in an organisation then potentially every document which could be accessed by that user could be locked.”

As for what can be done to overcome CryptoLocker, Trend Micro’s Oliver repeats the old age adage of “prevention being better than the cure.”

“Put in place an automated backup solution and consider turning on enhanced antispam features such as IP reputation,” he said.

McAfee’s Duca also emphasised the importance of having “great backup” to get your files back. 

“You also need up-to-date Windows and antivirus patches,” he said.

Another countermeasure that Trend Micro’s Oliver suggests is potentially putting in a stricter email policies.

“For example, blocking zip files that contain executable files, as only technical sophisticated users should ever receive such files,” he said.

Not opening attachments from unknown senders also goes a long way, and Oliver recommends employees talk to IT staff if they get an email with a password in it.

arnnet.com.au 27 Nov 2013

The comments on the article are just as important as the article itself, which are as follows:

Dean Knowles


1
Wow. Only 10 weeks behind the times, ARN!. This has been infecting Australian businesses as far back as beginning September (I know, I have resolved this nightmare for several businesses)
And it is NOT quite true that the affected business will have their files deleted if they refuse to pay the ransom. Instead, the files remain, but remain encrypted.

Eugine Kaspersky


2
Spot on Dean, it would be nice if so called experts actually knew what they were talking about!! A lot of general information and little accurate detail!



No comments:

Post a Comment