Infected users also have a time limit to send the payment. Currently, infected users are instructed to pay $300 USD to receive this private key.
The bad news is decryption is impossible unless a user has the private key stored on the cybercriminals’ server.
This ransomware is particularly nasty because infected users are in danger of losing their personal files forever. Payment often, but not always, has been followed by files being decrypted. Many say that the ransom should not be paid, but do not offer any way to recover files others say that paying the ransom is the only way to recover files that had not been backed up. If the deadline is not met, the malware offers to decrypt data via an online service provided by the malware's operators, for a significantly higher price in Bitcoin.Īlthough CryptoLocker itself is readily removed, files remain encrypted in a way which researchers have considered infeasible to break. The malware then displays a message which offers to decrypt the data if a payment (through either Bitcoin or a pre-paid voucher) is made by a stated deadline, and threatens to delete the private key if the deadline passes. When activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. A CryptoLocker attack may come from various sources one such is disguised as a legitimate email attachment. CryptoLocker is a ransomware trojan which targets computers running Microsoft Windows and first surfaced in September 2013.
0 kommentar(er)
