The malware can be removed, they say, but there's currently no fix to restore the encrypted files other than paying up.
The Internet Crime Complaint Center, part of the
"Once CryptoLocker has encrypted a file on an infected computer, that file becomes unusable," the university's IT team warned. "There are currently no methods available which allow the encryption process to be reversed. Paying the ransom the publishers of this malicious software are demanding does not guarantee the safe recovery of encrypted files."
The myth-busting website Snopes said the CryptoLocker worm spreads through drive-by downloads, as attachments or as fake emails disguised as a legitimate message, for instance
Users who open the message see CryptoLocker install itself on their system, scan the hard drive and encrypt certain file types, such as images, documents and spreadsheets. The malware then launches a window displaying a demand for ransom, typically in a less traceable form, such as Bitcoins or Green Dot Moneypak prepaid cards.
SophosLabs, an IT security firm, said the CryptoLocker malware typically demands a ransom of about
There may also be a countdown timer with a clock showing the deadline before which the user must submit payment to avoid the files being deleted. The deadline is typically 72 hours, according to Snopes.
So far, the only computers affected are PCs with Windows operating systems.
Technicians generally can remove the CryptoLocker malware from your computer. The problem is that they can't unlock or decrypt files that CryptoLocker has encrypted because the malware uses double "locks," which require a public and a private key, SophosLabs explained.
"The private key remains on a central server maintained by the crooks and hence is not available," SophosLabs said.
IT experts advise consumers to be careful about opening attachments from strangers or spam email. They advise people to back up the contents of their computers so they don't have to pay the hackers for access. So far, those who have paid have regained access to their files and not been reinfected, according to Snopes. However, such payments fund the malware-makers' efforts to infect more computers and create more victims.
Not all ransomware immediately reveals itself by showing a lock screen. Some kinds will display only when you try to open your files, according to SophosLabs.
One kind will encrypt files and delete them but leave a text file with instructions on how you can pay to get them back. The other type of malware locks the screen and demands payment but does not encrypt any files. An example is the WinLocker ransomware.
(c)2013 the Milwaukee Journal Sentinel
Distributed by MCT Information Services