CryptoLocker Ransomware Likely Grabbed Millions of Dollars
Researchers at Dell Secureworks estimate that the botnet infected at least 200,000 machines and garnered a minimum of $380,000 in payments, but likely much more.
The technically savvy CryptoLocker ransomware compromised at least 200,000 computers and netted the criminals behind the scheme a minimum of $380,000—but more likely millions—in its first 100 days, according to an analysis conducted by managed-security firm Dell Secureworks.
CryptoLocker encrypts more than 70 different types of files on systems—including Microsoft Word and Excel, Adobe Illustrator and PDF files—and requires that the victim pay $300 for the key to unlock their files. In a report published in late December, Secureworks researchers conservatively estimated that at least 200,000 people were infected in the first 100 days and that 0.4 percent of victims paid the CryptoLocker gang for the decryption keys.
CryptoLocker has threatened thousands of firms with the specter of data loss, because a single infection also encrypts data on any connected network drives. In the past, most ransomware and rogue security-software attacks have essentially amounted to bluffs, locking the Windows desktop until the user pays, but not actually encrypting data. CryptoLocker, however, uses a combination of encryption techniques to scramble important files, making them unreadable unless the victim buys the decryption key, Keith Jarvis, senior security researcher with Dell Secureworks, told eWEEK.
"What sets it apart is not just the size and the professional ability of the people behind it, but that—unlike most ransomware, which is a bluff—this one actually destroys your files, and if you don't pay them, you lose the data," Jarvis said.
CryptoLocker started spreading in early September, initially disguised as spam email messages that appeared to be consumer complaints. When the attached zipped executable file is run, the program connects to a server on the Internet to retrieve an encryption key. Using that key, the program uses Microsoft's CryptoAPI to encrypt more than 70 different file types on the victim's system.