New malware demands $300 ransom after encrypting victims' files

Shunal Doke October 23, 2013, 19:00:17 IST


Computer security firm Quick Heal has revealed that it has found a new malware that is afflicting quite a few computers, a lot of these being Indian. The malware apparently encrypts victims’ files and demands a ransom of $300 for the decryption, payable through prepaid card services like Bitcoin, UKash or MoneyPak, which allow for anonymous payments.

This type of malware is popularly known as ransomware and is spread using social engineering tricks, especially through emails such as fake FedEx or UPS tracking notifications with attachments. Once the victim opens these email attachments, the malware, dubbed CryptoLocker, gets installed and starts scanning the hard disk for all kinds of documents.

Users will have to be careful about whose email attachments they open

This includes images, videos, documents, presentations and spreadsheets. After this, it encrypts these files, converting them into an unreadable format. The malware then pops up a message demanding that the victim pay $300 to buy a private key to decrypt the files. It also apparently has a time limit within which the payment must be made, displayed at the bottom of the message.

CryptoLocker uses RSA encryption with a unique public-private key pair to encrypt each victim’s data. It is not possible to decrypt files encrypted in this way unless the user has access to the private key. The malware stores the private key on its command and control server, the location of which is currently unknown.

Since the decryption key is not stored locally on the infected computer, it is very difficult to decrypt the data encrypted by this malware. The malware gives a time limit of up to 100 hours to pay the ransom and get the private key to decrypt the data. If the amount is not paid, it destroys the private key and the encrypted data is locked forever with no way to recover it.
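
For the aftermath described above, a triage sketch added here as an example (not code from Quick Heal or the article): it labels files of the listed types as likely encrypted when the expected file header is gone and the content looks random, which helps decide what to restore from backup. The signature table, the 7.5 bits-per-byte threshold, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os.path
from collections import Counter

# Leading "magic" bytes for some file types the article lists (illustrative subset).
OLE2, ZIP = bytes.fromhex("d0cf11e0a1b11ae1"), b"PK\x03\x04"
MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-",
         **dict.fromkeys((".doc", ".xls", ".ppt"), OLE2),
         **dict.fromkeys((".docx", ".xlsx", ".pptx"), ZIP)}

def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, approaching 8.0 for random-looking data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name, data, threshold=7.5):
    """Label one file from its name and leading bytes (the first 4 KiB is sampled)."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return "unknown-type"
    # Header check comes first: intact JPEG and ZIP-based files are compressed and
    # already high-entropy, so entropy alone would flag healthy files.
    if data.startswith(magic):
        return "intact-header"
    if shannon_entropy(data[:4096]) >= threshold:
        return "suspect-encrypted"
    return "header-mismatch"  # e.g. renamed or truncated file, not ciphertext-like

def triage(files):
    return {name: classify(name, data) for name, data in files.items()}

def _pseudo_random(n):
    """Deterministic random-looking bytes standing in for ciphertext (constructed)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]

# Constructed sample data, not taken from any real infection.
SAMPLES = {
    "invoice.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 50,
    "holiday.jpg": _pseudo_random(4096),        # header gone, content random-looking
    "budget.xlsx": ZIP + _pseudo_random(4092),  # healthy compressed container
    "notes.docx": b"plain text saved with the wrong extension\n" * 20,
}

if __name__ == "__main__":
    for name, label in triage(SAMPLES).items():
        print(f"{label:18} {name}")
```

A "suspect-encrypted" label is a prompt to compare the file against a known-good backup copy, not proof of encryption.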
