A Unique and Dangerous Computer Malware
In this article, I will discuss a very dangerous Malware or virus that is different from other viruses.
As the name indicates, this virus get control of user data files. It's a kind of malware that first infect the system and send information about a computer to the creator or author. The server located in an unknown location assigns a specific id to the infected machine and generate a pair of public and private key. The virus first look for all kinds of file extensions (like word, excel, PDF and photos). It looks for data files on the infected computer, USB flash drives connected to it and any mounted network storage. Once it determines what files to target, it then encrypts them with a public key and displays a popup on the main screen. The files can still be seen with original names and file size but when the user clicks to open a file, they get a message that “the file is damaged or is not the right file format”. The popup says something like this “your files have been encrypted. If you want to decrypt them, you need to pay $300”. It then starts a clock that goes backward from 72 to 0 hours and as soon as the 72 hours time is passed, the private key, is destroyed and files cannot be decrypted again.
The way hackers ask for money is the same as another type of virus these days, where the malware fills the whole computer screen with a window with a very legitimate looking notice from the government saying something like “you have been involved in illegal activities and pay $100 via ucash at certain gas stations”. In case of this malware, the hackers ask users to pay money using two methods. One is a virtual voucher and the other one is prepaid card that cannot be traced. These two methods are time consuming and it is believed that, the time is not enough to complete the process. This causes a delay so the hackers changed their strategy. They started online customer service offering the user to pay more money ($2300). So far there have been no reports if someone has actually got their files back after paying $300.
Who are and what kind of computers, are the target? Research shows that businesses are mostly affected in the US and Canada. The virus is sent via email attachment mostly from famous courier companies like UPS and FedEx. The virus runs its processes in the background without the user knowledge. So far all PC computers, laptops and servers are being affected. There have been no reports of attacks on Apple Mac computers and MacBooks. Mostly those computer are infected which are not protected with a good antivirus and firewall. It is very important to explain the behavior and removal process of a virus here. When a computer or laptop is infected with a virus, it's not easy for the user to get rid of it but computer experts can remove it without any problem. A computer technician usually uses different tools and antivirus programs to clean an infection. In the worse case, a computer can be backed up and then wiped out to remove malware and viruses but damage of this new malware cannot be undone using these methods which makes it the most destructive virus of all times.
What is the line of defense against this Malware? What we need to do to avoid this kind of irreversible damage? Data recovery is not possible after its infection because the private key is stored on hacker's servers. In regards to protection, first of all every windows computer must be protected with a good antivirus like Norton etc. Second, email and email attachments should not be opened. Hackers are using very advanced methods to trick people. A lot of times, computer users are trapped in such a way that they don't even know what happened. This results in a serious infection. Every user should backup their data to an external hard drive and disconnect it from the computer because if this virus exists, every backup attempt will update the old backup with the infected one. Online backup is not recommended. Online backup is updated regularly which overwrites data with the infected one. USB flash drives should not be connected to the computer all the time.
In this article, I tried to have discussed about a new approach used by hackers to gain control of computers and make illegal money. I have also discussed how this virus attacks computer systems and how it can be avoided.
About the Author
Submitted on: 2013-12-02 06:45:00