CryptoDefense Ransomware Virus

As we reported previously, a damaging virus has been circulating for a few months. The virus targets Microsoft Office files, text files, pictures, videos and PDFs. Once a system is infected, the virus encrypts these files and holds the victim's data for ransom.

The latest iteration of the CryptoLocker virus is known as “CryptoDefense.” Symantec has analyzed the program and discovered that the files are encrypted with a 2048-bit RSA key. The virus creators are using Microsoft’s infrastructure and Windows API to generate the encryption and decryption keys. The extortionists are demanding $500 in Bitcoin, to be paid within a few days. If you don’t pay on time, the ransom doubles.

According to Jeremy Kirk of Computer World, Symantec has “estimated the cybercriminals received more than $34,000 worth of bitcoin in just a month, showing the effectiveness of their scam.”

In November 2013, the United States Computer Emergency Readiness Team (US-CERT) issued Alert (TA13-309A), which outlines details and recommendations for dealing with CryptoLocker Ransomware Infections. See:

Our recommendation is to ensure you have a current on-site and off-site backup. Frequently update and verify your backups. Non-compressed backups (or copies) of your files stored on an external hard drive will fall prey to the malware if your system is infected and the drive is plugged in. Off-site backups that use a mapped drive can also become infected.
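
One way to carry out the "verify your backups" step, as an added example that is not part of the original article: record SHA-256 digests of known-good files, then check the backup copy against them and flag changed files whose leading bytes no longer match their extension. The function names, the `MAGIC` table and the sample files are assumptions made for this illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Leading bytes expected for some of the file types the article lists as targets.
MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
         ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG"}

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(manifest, backup_root):
    """Check a backup copy against a manifest taken from known-good files."""
    report = {"missing": [], "changed": [], "bad_header": []}
    for rel, digest in manifest.items():
        p = Path(backup_root) / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_file(p) != digest:
            report["changed"].append(rel)
            with open(p, "rb") as f:
                head = f.read(8)
            magic = MAGIC.get(p.suffix.lower())
            if magic and not head.startswith(magic):
                # Changed AND no longer looks like its file type: likely encrypted.
                report["bad_header"].append(rel)
    return report

def demo():
    """Constructed sample: a two-file backup in which one file is overwritten."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "report.pdf").write_bytes(b"%PDF-1.4 constructed sample")
        (root / "notes.txt").write_bytes(b"constructed sample text")
        manifest = build_manifest(root)
        (root / "report.pdf").write_bytes(bytes(range(256)))  # simulated overwrite
        return verify_backup(manifest, root)

if __name__ == "__main__":
    print(demo())
```

Store the manifest somewhere the backed-up machine cannot write to, so that an infection cannot alter it along with the files.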