What is Cryptolocker/ransomware?


Hopefully you’re visiting this page out of curiosity and not because you have fallen victim to ransomware. Ransomware and letters of extortion often rely on payments by bitcoin, cash or gift card codes due to their anonymity. Below we explain in detail how ransomware such as Cryptolocker works and the measures you can take to ensure you’re best protected from such scams.

What is Cryptolocker?

Cryptolocker is a trojan ransomware that circulated between September 2013 and May 2014. It was an executable file that once opened would encrypt files on your computer and demand a ransom to unlock them. A file would also open on the desktop giving instructions on how to send a payment in order to decrypt the files.

Screenshot of a cryptolocker: note that the ransom is to be paid in dollars.

The ransom note would display a countdown timer and warn that your files were encrypted and that, when the time was up, your private key would be destroyed. Payment options were limited, one being bitcoin.

This was a genuine piece of malware and files really were encrypted. It was a case of pay up or your files are gone forever.

Safety measures against ransomware


First and foremost, the most important safety measure you should be exercising is a good antivirus. Having Windows Defender activated is also an extra layer of security. Keep settings at their defaults, and if you don’t know what you’re doing, it’s best to leave them alone. Deactivating any security functions of your antivirus is a big no-no, especially if you’re doing so in order to open something!

Viruses and malware can sometimes slip through the gaps, and therefore it is advised that you never open executables (.exe files). Files can even be deceptive: a file might appear to be a PDF, with the extension .pdf, when it is in fact an .exe. The bottom line is, don’t open files from unknown sources.
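The check below is an added example, not part of the original article: it compares what a file name claims with what the first bytes of the file actually are, which is how a mail filter or a cautious user can spot an .exe dressed up as a .pdf. The function names, the extension lists and the sample files are assumptions made for illustration.

```python
import os

# Leading bytes ("magic numbers") that identify a file's real format.
MAGIC = {
    "exe": b"MZ",     # Windows executables (.exe, .scr, .dll)
    "pdf": b"%PDF-",  # PDF documents
}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd"}  # illustrative list
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def real_type(header: bytes) -> str:
    """Return the format suggested by the first bytes, or 'unknown'."""
    for name, magic in MAGIC.items():
        if header.startswith(magic):
            return name
    return "unknown"


def check_file(filename: str, header: bytes) -> list[str]:
    """Return warnings for a file whose name and content disagree."""
    warnings = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]
    kind = real_type(header)

    # Content is a Windows executable but the name claims otherwise.
    if kind == "exe" and ext not in EXECUTABLE_EXTS:
        warnings.append(f"content is an executable but extension is {ext or '(none)'}")
    # Name like "invoice.pdf.exe": reads as a PDF when extensions are hidden.
    if ext in EXECUTABLE_EXTS and inner_ext in DOCUMENT_EXTS:
        warnings.append(f"double extension {inner_ext}{ext}")
    # Name claims PDF but the content does not start with the PDF marker.
    if ext == ".pdf" and kind != "pdf":
        warnings.append("extension is .pdf but content is not a PDF")
    return warnings


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("invoice.pdf", b"MZ\x90\x00\x03\x00"),
    ("invoice.pdf.exe", b"MZ\x90\x00\x03\x00"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", check_file(name, head) or "ok")
```

A clean result only means the name and the header agree; it does not mean the file is safe to open.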

Extortion

There have been instances of people trying to extort users online and requesting payment in cryptocurrencies. Extortion is a different method of getting people to pay up some of their crypto, but it falls into the same unethical category. In most instances, users will receive an email; however, some users have even received a letter in the post. The message tells users that the sender has their entire search history, often claiming to know their porn preferences. Of course, many people prefer that their private lives stay private. So what can they do? The sender of the email tries to extort a typical amount of a thousand euros or so, to be paid in bitcoin within a couple of days. It doesn’t stop there: physical letters are often addressed to a household member by first name. The letter claims that the sender has evidence that the recipient is cheating on their wife. Pay up or fess up.

It’s a brutal extortion method and the criminals use bitcoin or other cryptocurrencies as they are not linked to real identities.

What should I do if I’m being extorted?

Each person’s case can be unique when it comes to extortion. If you are being personally targeted and the perpetrator has evidence against you, then the decision is yours. You can go to the police, but ultimately you will have to decide whether you want to pay the extortion fee or not. In most cases, however, the extortion letter you receive is a generic one. It is sent to thousands of addresses in the hope that a few people can’t handle the pressure and cough up. If it is a generic letter, BTC Direct advises against paying the extortion. If you’re in such a position, don’t hesitate to contact our support team. By coughing up, you give these criminals further incentive to keep going.

WannaCry

A more recent form of ransomware is the malware called “WannaCry”. It followed the same method as Cryptolocker, except this time the malicious script was much more intelligent. The script was able to detect other vulnerable systems across the globe and spread automatically. In geeky terms this is called a worm or a cryptoworm. The code was so malicious that it managed to spread to over 200,000 computers in just four days. Users were strongly encouraged not to cough up the ransom, in order to discourage future attacks. There was also no evidence to suggest that paying the ransom would decrypt the files.

Screenshot of the Wannacry cryptolocker

The WannaCry cryptoworm exploited the old operating system Windows XP. Security patches and updates for it had long been abandoned, and it therefore became easier to exploit over time. Using an up-to-date operating system would have prevented such attacks.

Once the dust had settled, the damage caused was monumental. The most notable impact was the damage caused to the NHS in the United Kingdom. Many systems were still running old versions of Windows XP. The damages were huge and the effects were long-lasting.

Summary

If you fall victim to ransomware, then you’re not in good shape. You cannot know whether paying the ransom will even be successful. Extortion is a much rarer form of criminal activity than ransomware, and it is also less effective. Extortion is very unlikely to be genuine, and in most cases no action need be taken.
