

September 2013 turned out fruitful and lucrative for one of the cybercrime syndicates out there, but really alarming for private users and organizations on the other side of the IT security battlefield. The reason is the launch of a vicious computer infection known as CryptoLocker, which in terms of severity and consequences for the infected PCs outstripped the typical “Police” ransomware dominating the extortion landscape at that time. Whereas regular screen lockers yield to removal and complete remediation of the contaminated system via a special procedure, CryptoLocker encrypts users’ files and won’t allow for restoring those unless a certain amount of money is paid.

Furthermore, unlike ransomware which attempts to disguise itself as something legitimate, this type of malware goes straight at the victim and in no way conceals its true extortion nature. It encrypts your personal files using asymmetric encryption, which means that the decryption process involves a public and private key, the latter being stored on the criminals’ remote server. For the users to have their files decrypted, they needed to pay a fee of $100-300 via Bitcoins (the cheapest option according to the fraudsters’ notice). Newer versions can demand up to $1,000 worth of cryptocurrency. The payment is to be made within 96 hours, otherwise all of the encrypted files will be lost.

At its dawn, CryptoLocker was known to spread by means of sending emails masqueraded as ones concerning customer issues related to FedEx, DHS, UPS, etc. Note that the original version of the ransomware additionally accepted payments made via Green Dot MoneyPak (USA only), Ukash or cashU; this was some lame OPSEC, obviously, and the crooks ended up excluding these easily traceable channels from their modus operandi. The contamination proper would take place when an unsuspecting user opened up an attached ZIP file that contained a malicious executable made to look like a PDF document.
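The delivery mechanism described above (a ZIP attachment carrying an executable dressed up as a PDF) is something a mail gateway or triage script can catch before a user ever double-clicks it. The following is an added example, not code from the original article or from any vendor: it builds a constructed in-memory ZIP with a fabricated `Invoice_FedEx.pdf.exe` entry and flags members by both name (executable or document-mimicking double extension) and content (the `MZ` magic that begins every Windows PE file), since renaming alone cannot hide the latter. The entry names and payload bytes are constructed samples, not artifacts of the real campaign.

```python
import io
import zipfile

# Extensions that Windows will execute when double-clicked, and the document
# extensions attackers commonly sandwich in front of them ("report.pdf.exe").
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_SUFFIXES = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def build_sample_zip() -> bytes:
    """Constructed test fixture: one benign PDF, one disguised PE, one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n% constructed sample, not a real document\n")
        # Fabricated PE header: DOS stub magic "MZ", padding, then "PE\0\0" at offset 64.
        zf.writestr("Invoice_FedEx.pdf.exe", b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 64)
        zf.writestr("notes.txt", b"plain text, nothing to see")
    return buf.getvalue()


def inspect_zip(data: bytes, max_peek: int = 4096) -> list[dict]:
    """Return one finding per suspicious ZIP member, with the reasons it was flagged."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Look only at the basename so "attachments/a.pdf.exe" is handled like "a.pdf.exe".
            parts = name.lower().rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            reasons = []

            if ext in EXECUTABLE_SUFFIXES:
                reasons.append("executable extension")
                if len(parts) > 2 and "." + parts[-2] in DECOY_SUFFIXES:
                    reasons.append("double extension mimicking a document")

            # Content check: read only the first few KB, enough for the magic bytes.
            with zf.open(info) as fh:
                head = fh.read(max_peek)
            if head[:2] == b"MZ":
                reasons.append("PE/MZ magic in content")
            if ext in DECOY_SUFFIXES and not head.startswith(b"%PDF") and ext == ".pdf":
                reasons.append("claims to be a PDF but lacks %PDF header")

            if reasons:
                findings.append({"name": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in inspect_zip(build_sample_zip()):
        print(f"{hit['name']}: {', '.join(hit['reasons'])}")
```

The name-based rules are cheap and catch the lure as the article describes it; the `MZ` check is what matters when the attacker drops the `.exe` suffix and relies on an icon or a Unicode trick instead, which is why a gateway should never trust the filename alone.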
