According to Dell safety engineering researchers’ analysis, within 100 days the encryption virus software CryptoLocker invaded at least 200,000 computers, obtaining defraud income of at least $ 380,000 and this figure may be larger.
CryptoLocker encrypted over 70 different types of files, including Microsoft Word and Excel, Adobe Illustrator and PDF files, etc. and asked the victim for $ 300 to unlock their files. In a report released in late December, security researchers conservatively estimated that in the first 100 days at least 200,000 people infected with the virus, about 0.4 percent of the victims paid the fee to CryptoLocker for the decryption key.
Data loss caused by infection of CryptoLocker poses threats and loss to thousands of companies. In the past the majority of ransom ware or rogue security software at most locks Windows desktop until the users pay extortion fees, they don’t actually encrypt or destruct the data. However, CryptoLocker uses encryption technology, which is also used to encrypt files for data security, to encrypt important files, making them unreadable unless the user pay for the decryption key.
“Compared with most ransom ware, the difference is not only the scale of destroy or the competence level of hackers, more importantly, it’s a more pathetic desperation virus: it will destroy your files, and you will eventually lose your important data if you do not pay extortion fees.” Dell’s senior security researcher Keith Jarvis said.
CryptoLocker virus first spread in early September, it disguised as consumer complaints spam emails. When you run the compressed executable file in the attachment, the program will connect to a server and retrieve an encryption key on the Internet. In this way, it encrypts more than 70 different types of files in infected computer system.
“After a series of practice, the malware authors have created a powerful and difficult to circumvent the program,” the report said.
By using this malicious software in the field of monitoring, security researchers found that in late October and early November, nearly 32,000 computer IP address were displayed that having signs of infection of the virus. In the second week of December, there are nearly 6,500 computer IP addresses that showed signs of infection.
According to a statistical graduate student Michele Spagnuolo’s statistics, some infected people use Bitcoin as extortion payments to the criminals. Through analysis of payment Spagnuolo find out the Bitcoin account holder information. Through this way, security researchers discovered in the first 100 days, an account bundled with CryptoLocker collected 1216 Bitcoins which was worth at least $ 380,000.
However, the ransom collected by criminals could reach millions of dollars. Because Bitcoin is a kind of virtual currency, the fluctuations in the value might make the final ransom far exceed the minimum value of $ 380,000 in that period. In addition, there are more than 0.4% of victims possibly pay a ransom.” Security researcher Jarvis said, “I think the total ransom ultimately is at least several times of this number.”