I know two swallows don’t make a summer – as dull as that summer may be – but when I get two ‘ransomware’ virus variants in one week that I cannot repair – it makes for a Viral Armageddon in my book! (Not to be too overly dramatic about it).
Ransomware is computer malware that executes a data encryption attack and demands a ransom payment to restore data. Since it first appeared we have seen various copycat versions that try to extort money through the encryption or perceived encryption of your user data. In the past they might flag up a fake ‘Police warning’ notice on your computer screen asking you to pay a fine for your legal redemption. Now they are more direct, encrypting your user data before your eyes and telling you that you need to pay to get it back. The bad news is that the files are truly encrypted with military-grade technology, so unless you have a backup you will be left to consider paying the ransom in Bitcoin – that’s an untraceable online currency currently trading at 430 GBP.
This is an extremely profitable trade for the virus authors and their affiliates. Over the past few years, malware authors have refined their infection techniques and sold their services, almost like a franchise, to distributors who in turn take a cut. This ‘Ransomware-as-a-Service’ gains more traction every day among the world’s shadys. Interestingly, the newest variant of Cryptolocker, called ‘Locky’, will detect the platform language of a computer and, if it is Russian, will delete itself.
I believe these threats are going to become even more prevalent in the coming years and will probably become, in one way or another, the primary data security threat that we will face. Keep in mind that this threat is an urgent reminder of the importance of backup. With Cryptolocker, the encrypted files cannot be recovered.