New Form Of Ransomware Contains Loophole For Victims

Ransomware concept

Ransomware is a particularly troubling form of malware. It’s capable of encrypting your files and preventing you from accessing them until you pay a fee. In many cases, the encryption used in these attacks is so strong that users are forced to decide whether to pay or lose the affected files forever. As Jeremy Kirk reports at Network World, one ransomware program makes a mistake that allows users an out.

Late last month, a ransomware program called CryptoDefense began victimizing users. It features the same characteristics as other ransomware. For example, it encrypts your files, specifically using a 2048-bit RSA key. It then takes the key needed to decrypt the files and sends it to the attacker’s server. The difference is that, while CryptoDefense asks for a ransom payment, you don’t need to make one to get access to the key.

The makers of CryptoDefense designed the malware with a critical hole. The key needed to decrypt the files is sent to the attacker’s server, but it’s also stored on the victim’s computer in a file folder. Users with some know-how are able to find the key and unlock their files without making any payments.

Most commonly, CryptoDefense finds its way onto computers via spam email messages. Those that mistakenly open the messages and download the attachment, usually a file disguised as a .PDF, are actually installing the ransomware.

The attackers behind CryptoDefense have collected more than $34-thousand in payments with victims in dozens of countries. With this news, users need to understand that they hold the information they need to defeat the ransomware.

If you’re infected with CryptoDefense, don’t pay the ransom.

If your computer is infected with any type of malware, bring your infected device to Geek Rescue or call us at 918-369-4335.

April 1st, 2014