
Devastating new malware: pay up or lose your files

A new ransomware doing the rounds is one of the most vicious seen, directly targeting specific files and destroying them if you don't pay up.

Michelle Starr Science editor


Ransomware is usually a pretty nasty form of malware. It seizes control of your machine, encrypting your files and demanding you pay a sum of money in order to unlock the encryption. A new one doing the rounds for Windows, however, is particularly brutal. Called CryptoLocker, it targets specific files, meaning once it takes hold, there's no way to retrieve your files except by paying the ransom.

According to Sophos' Naked Security, CryptoLocker attaches itself to your Documents and Settings folder, adds itself to the list of programs that launch automatically when you boot up your PC and scrambles your files using something called public-key cryptography. This uses a pair of keys: a public key that encrypts your data and a private key that is the only thing that can decrypt it.

Once your files, sourced from all folders and drives in your machine based on extension, have been encrypted, a pop-up window gives you 100 hours to pay US$300 via a Green Dot MoneyPak prepaid debit card or the cryptocurrency Bitcoin before your files become irretrievable.

"SophosLabs has received a large number of scrambled documents via the Sophos sample submission system," Naked Security wrote. "These have come from people who are keenly hoping that there's a flaw in the CryptoLocker encryption and that we can help them get their files back. But as far as we can see, there's no back door or shortcut: what the public key has scrambled, only the private key can unscramble."

CryptoLocker can infect your computer in one of two ways: via an email attachment that seems to come from a respected source, such as a governmental bureau (so, as always, be very careful what you open), and via a botnet, which capitalises on the fact that malware is already on your PC and piggybacks by "upgrading" or replacing that malware with its own code.

Naked Security advises that you perform an immediate scan and clean of your computer to get rid of any possible malware you may have picked up, and that you don't try paying the ransom. Otherwise, keep your operating system and antivirus software up to date, make sure you keep your files backed up, preferably offline, and avoid opening email attachments from people you don't know.

You can see CryptoLocker in action in the video below.