Tag: cryptolocker

Cryptolocker virus: Australians forced to pay as latest encryption virus is ‘unbreakable’, security expert says

Cryptolocker virus: Australians forced to pay as latest encryption virus is 'unbreakable', security expert says

Australians are paying thousands of dollars to overseas hackers to rid their computers of an unbreakable virus known as Cryptolocker.

There has been a rise in the number of people falling victim to the latest version of an encryption virus which hijacks computer files and demands a ransom to restore them.

The “ransomware” infects computers through programs and credible-looking emails, taking computer files and photographs hostage.

Cryptolocker comes in a number of versions, the latest capitalising on the release of Windows 10.

It can arrive in an email disguised as an installer of the new operating system in a zip file.

IT technician Josh Lindsay said he had been repairing computers for 15 years but the current form of the virus was “unbreakable”.

“It’s definitely the worst I have come across,” he said.

The hackers offer computer owners a chance to retrieve data – but only if they pay a ransom using the electronic currency Bitcoin.

“If it’s on Bitcoin they can use it to purchase anything online from gold bullion, to shares, to property even and it’s virtually untraceable,” Mr Lindsay said.

Virus victim Renata Eugstar said she decided not to pay the ransom price.

“I just wouldn’t pay it out of principle, I suppose there are people out there that have to, you know, if it is a business,” she said.

Michael Bailey from the Tasmanian Chamber of Commerce and Industry said when his organisation was hit, a ransom equivalent to $US350 was paid to overseas hackers.

“It was cheaper for us to just pay rather than worry about trying to fix it,” he said.

“The advice from our IT people is – some of the best in Australia – was that it would take weeks for them to work out how to unencrypt the files, if they could at all.”

The deputy chairwoman of the Australian Competition and Consumer Commission, Delia Rickard, said over the past two months there had been a spike in the number of people falling victim to the scam.

The commission has received 2,500 complaints this year and estimates about $400,000 has been paid to the hackers.

“That’s the tip of the iceberg,” she said.

Thomas King, the general manager of the Australian Cyber Emergency Response Team (AusCERT) and part of the University of Queensland, said the number of computers infected by the virus was on the rise.

“Individuals, companies, not-for-profits, organisations of all kinds have paid and it’s a sad state of affairs that so many people do feel the need to pay because they don’t have good enough cyber security protections,” he said.

Mr King has urged people to take precautions when opening emails and to ensure good backups of any data is kept offline.

 

New Version of Teslacrypt changes encryption scheme

New Version of Teslacrypt changes encryption scheme

A new version of the nasty TeslaCrypt ransomware is making the rounds, and the creators have added several new features, including an improved encryption scheme and some details designed to mimic CryptoWall.
TeslaCrypt is among the more recent variants of ransomware to emerge and the malware, which is a variant of CryptoLocker, is unique in that it targets files from gaming platforms as well as other common file types. Version 2.0.0 of TeslaCrypt discovered recently by researchers at Kaspersky Lab, no longer uses a typical GUI to show users the warning about their files being encrypted. Instead, the malware opens a page in the user’s browser to display a warning message that is taken directly from CryptoWall.

That change, researchers speculated, could be a way to make TeslaCrypt seem more intimidating.

“Why use this false front? We can only guess – perhaps the attackers wanted to impress the gravity of the situation on their victims: files encrypted by CryptoWall still cannot be decrypted, which is not true of many TeslaCrypt infections,” Fedor Sinitsyn of Kaspersky Lab wrote in an analysis of the new ransomware.

But the more significant modification in version 2.0.0 is the inclusion of an updated encryption method. TeslaCrypt, like many other ransomware variants, encrypts the files on victims’ machines and demands a payment in order to obtain the decryption key. The payment typically must be in Bitcoin and the attackers using crypto ransomware have been quite successful in running their scams. Estimates of the revenue generated by variants such as CryptoLocker run into the millions of dollars per month.

Researchers have had some success in finding methods to decrypt files encrypted by ransomware, specifically TeslaCrypt. But the change to the malware’s encryption method may make that more difficult.

“The encryption scheme has been improved again and is now even more sophisticated than before. Keys are generated using the ECDH algorithm. The cybercriminals introduced it in versions 0.3.x, but in this version it seems more relevant because it serves a specific purpose, enabling the attackers to decrypt files using a ‘master key’ alone,” Sinitsyn said.

“Each file is encrypted using the AES-256-CBC algorithm with session_priv as a key. An encrypted file gets an additional extension, ‘.zzz’. A service structure is added to the beginning of the file, followed by encrypted file contents.”

The TeslaCrypt authors also took out the decryption mechanism in the malware that researchers were able to exploit in previous versions.