The Sm@rtEdgeLaw Group

- "Smart companies need a Sm@rtEdge" TM

FTC and FBI Issue Warning About “CryptoLocker” Malware

Safeguarding data security and privacy is a constant battle.  We always recommend the use of encryption for mobile devices, laptops and all crucial company data or consumer records containing personal, sensitive or medical information.  In a devilish twist, however, cyber criminals have turned encryption against unsuspecting victims, to beg the question: “Are your computer files worth $300 to you?”

Since late last year, a fiendish “ransom Trojan horse” malware known as CryptoLocker has been circulating via e-mails and “drive by” downloads where a ZIP file attachment contains an executable file with the filename and icon disguised as a PDF file.  When clicked upon the malware goes through a number of install steps and then attempts to contact remote servers to generate a 2048-bit RSA encryption key pair with the public key sent back to the infected computer.  The virus then proceeds to use the key to encrypt all data files with certain common extensions – doc files, pictures, etc. – BOTH locally and across network connections accessible to the infected computer.

The bad actors then step in, and put up a message that for $300 they’ll send you the decrypt key to recover your files, hence the “ransomware” appellation. The problem is that there’s no guarantee that payment will result in receipt of the proper private key and the ability to decrypt and recover files.  In addition the strength of encryption used is, effectively, unbreakable leaving victims in a tremendous bind if the files effected are unique and irreplaceable.

The FTC has put up various tips about how to protect yourself from Cryptolocker, under its Lock, stock, and peril article, but the best way to limit damage Cryptolocker is to back up computer files consistently and to locations that are password protected from casual network access.

To discuss your own data security procedures, plans and processes, feel free to contact us at 203 307-2665 or info@SmartedgeLawGroup.com.

SIgn up for “Smartedge Perspectives” Alerts

The Author

R Santalesa

(p) 203.292.0667 (e) rsantalesa@smartedgelawgroup.com Richard Santalesa is based in Fairfield, Connecticut and New York City.
© 2014 Sm@rtEdge LLC. All Rights Reserved. Attorney advertising. Prior results do not guarantee a similar outcome. Site Map Privacy Policy Frontier Theme
%d bloggers like this: