
Sunday, September 15, 2013

Four Questions about CryptoLocker.

For this blog post, I would like to take the time to answer some questions posed by readers of my blog who wanted to know more about CryptoLocker. They were such good questions that I decided to make a post out of them. To respect the privacy of those who wrote in, I will not publish names or email addresses.

Question #1: "If someone paid the ransom, would they send you the key?"

Answer: With CryptoLocker the decryption is automatic once your payment has been processed; there is no key for you to type in. Please note, though, that there will most likely be copycats of this ransomware that are less "honest", for example ones that take the payment and never decrypt the files at all. Nothing about the scheme guarantees that paying gets your files back.

Question #2: "Would using a sandboxed browser prevent the infection?"

Answer: A sandboxed browser would protect users from some vectors of attack, but CryptoLocker is spreading by two main methods:

1. Old school email attachment Trojans, which trick you into opening an email attachment. The attachment is opened by you, outside the browser.

2. Botnets. These are computers that have already been hijacked by the malware writers and, without their owners knowing it, have become the channel through which CryptoLocker arrives.

Neither of these methods is affected by a sandboxed browser, at least in the short run. Browser sandboxing might stop some of the browser-based infections that recruit a machine into a botnet in the first place. But if your machine is already part of a botnet, the attacker already controls it, and it is too late unless you remove that infection first.

Question #3: "Is any antivirus software able to block CryptoLocker?"

Answer: Some can catch it before it gets onto your computer, and as time goes on antivirus software will get better at catching it. Right now, quite a few antivirus products can only detect the ransomware AFTER you are infected and your files have already been encrypted.

That said, the goal of any malware is to go unnoticed by antivirus software for as long as possible, and it really does not take much of a modification to the code to make sure a signature-based scanner no longer recognises it: a signature describes the bytes of a known sample, and a repacked or slightly altered copy has different bytes while behaving exactly the same.
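To make both halves of that answer concrete, here is an added example (mine, not code from the original post, and in no way CryptoLocker's own code). It uses a constructed stand-in "sample" (a PE-like header, padding and a ransom string) and shows two one-line changes that defeat a hash signature and a byte-pattern signature respectively, then a behavioural check that flags the one thing ransomware cannot avoid doing: rewriting many user files in a short time. The event log, process ids, threshold and window are all made up for the demonstration.

```python
import hashlib
from collections import defaultdict

# --- Constructed stand-in for a malware sample (NOT CryptoLocker code) -----
# A PE-like header, some zero padding, and a ransom string that a vendor
# could turn into a byte-pattern signature.
RANSOM_TEXT = b"Your files have been encrypted! Pay to decrypt."
SAMPLE_V1 = b"MZ\x90\x00" + b"\x00" * 60 + RANSOM_TEXT + b"\x00" * 64


def hash_signature(blob: bytes) -> str:
    """Hash signature: matches only an exact byte-for-byte copy of the file."""
    return hashlib.sha256(blob).hexdigest()


def byte_signature_match(blob: bytes, pattern: bytes) -> bool:
    """Static byte-pattern signature: true if the pattern appears anywhere."""
    return pattern in blob


def repack_padding(blob: bytes) -> bytes:
    """Modification 1: change one byte of trailing padding.
    The program's behaviour is untouched, but the file's hash changes."""
    mutated = bytearray(blob)
    mutated[-1] ^= 0x01
    return bytes(mutated)


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the simplest possible string obfuscation."""
    return bytes(b ^ key for b in data)


def repack_obfuscated(blob: bytes, pattern: bytes, key: int = 0x5A) -> bytes:
    """Modification 2: store the ransom text XOR-encoded so the plaintext
    pattern never exists on disk (a real sample would decode it at run time)."""
    return blob.replace(pattern, xor_bytes(pattern, key))


# --- Behavioural heuristic --------------------------------------------------
# Whatever the bytes on disk look like, ransomware still has to rewrite many
# user files quickly. Events are (seconds, pid, path, action) tuples, e.g. from
# a file-system activity monitor; the format here is assumed for the example.
def flag_mass_rewrite(events, threshold=50, window_s=60):
    """Return the set of pids that write >= threshold distinct files within
    any window_s-second window. Events must be sorted by time."""
    per_pid = defaultdict(list)
    for ts, pid, path, action in events:
        if action == "write":
            per_pid[pid].append((ts, path))
    flagged = set()
    for pid, writes in per_pid.items():
        for i, (t0, _) in enumerate(writes):
            paths = {p for t, p in writes[i:] if t - t0 <= window_s}
            if len(paths) >= threshold:
                flagged.add(pid)
                break
    return flagged


def constructed_events():
    """Constructed activity log: a word processor (pid 100) saving two files,
    and a ransomware-like process (pid 200) rewriting 80 photos in ~24 s."""
    events = [
        (0.0, 100, "C:\\Users\\alice\\report.docx", "write"),
        (5.0, 100, "C:\\Users\\alice\\report.docx", "write"),
        (9.0, 100, "C:\\Users\\alice\\notes.txt", "write"),
    ]
    events += [
        (10.0 + i * 0.3, 200, f"C:\\Users\\alice\\Photos\\img{i:03d}.jpg", "write")
        for i in range(80)
    ]
    return sorted(events)


if __name__ == "__main__":
    v2 = repack_padding(SAMPLE_V1)
    v3 = repack_obfuscated(SAMPLE_V1, RANSOM_TEXT)
    print("hash still matches after padding change:",
          hash_signature(SAMPLE_V1) == hash_signature(v2))
    print("byte pattern still matches after padding change:",
          byte_signature_match(v2, RANSOM_TEXT))
    print("byte pattern still matches after XOR obfuscation:",
          byte_signature_match(v3, RANSOM_TEXT))
    print("pids flagged by behavioural rule:", flag_mass_rewrite(constructed_events()))
```

The padding change alone is enough to slip past a hash-based detection, and the XOR trick is enough to slip past a byte-pattern signature, which is why a vendor's signature for last week's sample says little about this week's. The behavioural rule does not care about the bytes at all; its cost is false positives (backup tools, bulk photo converters), which is why such rules are tuned with allow-lists and thresholds rather than shipped as a single hard cut-off.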

Question #4: "Do you know if the NSA has a backdoor to whoever wrote CryptoLocker? If they have a backdoor, then surely they would be able to retrieve the key that CryptoLocker uses, right?"

Answer: Before I get on with my answer, I would like to thank the person who asked the question. If you are reading, thanks for thinking out of the box.

I really do not know if the NSA has a backdoor to whoever wrote it. If they do, they will likely not release the backdoor to the public.

But I do know that the US Government is at least looking into this. It seems that CryptoLocker has hit some of the FBI's servers. And it would be wise of any government to investigate a cybersecurity issue if it starts knocking on the door loudly like CryptoLocker has.

Thank you for reading. And if you have any comments or questions about CryptoLocker, comment below. I just might use your question in a future blog post.
