By now, most people have heard of CryptoLocker, a nasty piece of "ransomware" that encrypts the document and JPEG files on your hard drive and then gives you a period of four days (up from three, I believe) to pay a ransom of $300 US or 300 EUR, or 2 Bitcoins (there are reports saying it is down to a half), to obtain the private key required to decrypt the files.
All I've known about it to this point was what I read in accounts by others and heard listening to Security Now! on the TWiT Network. That is, until episode #431 of Security Now!, when the host, Steve Gibson of grc.com, announced that he had obtained a copy of the malware (it wasn't CryptoLocker, but then he did get it) and said that if anybody wanted to "play with it" he would send them the file. I decided to take a chance and he sent me a link to the file. I have an old netbook that was doing nothing but collecting dust, so I installed Windows 7 on it and then I added some photos and documents to the drive so it would have something to work with, since I wasn't sure if it only targeted the Documents folder. Then, nervously, I extracted the .exe file and double-clicked it. I was expecting something immediate, but nothing happened.
I had to leave the house for a few hours, so I left the computer running while I was gone. When I returned home there was a message on the screen...
(Image 2) The Netbook has a small screen, but there is a "Next >>" button at the bottom of the window.
(Image 3) The Bitcoin screen. Needless to say, the CryptoLocker folks will not be getting any money out of me.
Then I tried one last test on this infection: I emptied the default sandbox. I kept the Task Manager running when I hit delete, and the two processes that were CryptoLocker went away. There was no sign of it anywhere. I let the computer sit for a while, I ran system updates, opened files, and surfed the internet. It was gone.
I shut the computer down overnight while CryptoLocker was still running in the sandbox, but when I started the computer in the morning, CryptoLocker wouldn't run. So, I emptied the sandbox and ran it again.
This is not an ad for Sandboxie, but it is the best-known free sandbox program available. As I have demonstrated here, it can protect your files from CryptoLocker and can be cleared out quickly and easily. Would I run this experiment on my main PC, which contains tons of at-risk, work-related documents, using Sandboxie? If I had to, sure. Will I? No.
I would not recommend running this experiment at all unless you are willing to take the risk or are a professional (I am not the latter at all). The only reason I did it is because I happened to have a computer lying around doing nothing. I also kept careful watch on my main computer's Task Manager, but it does not wander around the network, apparently.