Malware Attacks Continue to Accelerate in 2013

By the DynaSis Team

Earlier this year, we offered some information and advice on malware and cyber-attacks, but the news surrounding these threats has become so concerning that an update is in order. Recently, a new Trojan horse named CryptoLocker surfaced. (A Trojan horse is malware that masquerades as beneficial.) CryptoLocker is especially crafty―it disguises itself as a legitimate attachment and then, when activated, it encrypts file types―such as Word documents and Auto Cad files―stored on your computer systems’ drives.

CryptoLocker stores the decryption keys for these files on its own servers, and infected users see a message that offers to decrypt the data and return access to it for a fee (usually around $300). It also warns message recipients that it will delete the key if a certain deadline passes. In November, a group assumed to be the perpetrators launched an online site that purports to unlock CryptoLocker-encrypted files after the deadline passes for 10 Bitcoin (more than $2000) per file.

For the encryption, CryptoLocker uses 2048-bit RSA public-key cryptography, which is virtually impossible to break. Removing the program is not difficult, but it does not afford companies access to their files, which remain encrypted. So, firms are faced with two choices unless they have a recent backup―pay the ransom or lose the file. Of course, no one wants to pay criminals ransom, but the alternative may be loss of important corporate data.

CryptoLocker usually spreads through a zipped (compressed) attachment to a seemingly safe email message (often appearing to originate from a legitimate company). Given that it only targets Microsoft Windows PCs, it presents a significant threat to U.S. companies, the majority of whom run Windows computers.

DynaSis is launching a new anti-malware service that will defend companies against CryptoLocker and other insidious threats. We are also following up on a new report, just released, that indicates many recent cyber-attacks may be shared development and logistics operations masterminded by broad consortiums of cyber-criminals.

If this is true, it increases the likelihood of attacks becoming even more frequent, ferocious and difficult to block. We will report on this issue in the next few weeks. In the meantime, to learn how we can protect you against these threats, give us a call.