More than 20,000 Australian computers have been hit by a massive hacking attack, according to SMH and Stay Smart Online. Reports say that thousands of Australian PCs have been frozen and locked by hackers using software that encrypts all files on the computers. The malicious and damaging software then asks for a ransom in Bitcoin to unlock the computer.
Australian government agencies are closely monitoring and investigating the hacking of thousands of different Australian computers. Multiple individuals have already paid the ransom to recover their files.
The malicious software, a type known as ransomware, that has infected the Australian computers is called “Cryptolocker”, and it uses the payment wall “CryptoWall” to demand bitcoins as ransom. The computers were infected when users clicked on a link in an email supposedly from Australia Post. The files on the computers were then automatically encrypted, making them inaccessible and useless to their owners. “Cryptolocker” asks for a ransom to be paid in bitcoin within a limited timeframe. If the ransom is unpaid by the end of the timeframe, the ransomware threatens to encrypt the files permanently.
The software Cryptolocker was first observed in November last year and started to hit different Australian computers in June 2014.
Russian Criminal Group Responsible
The FBI (US Federal Bureau of Investigation) claims that the Russian hacker Evgeniy Mikhailovich Bogachev (30) is leading a criminal group responsible for the ransomware. They estimate that the criminal group has made more than 100 million USD in ransom.
Hard to Stop
New variants of “Cryptolocker” have been discovered since the first ransomware requesting bitcoins as payment was released. Authorities have difficulty stopping this ransomware, and anti-virus software is often of no use against “Cryptolocker”. Aaron Bailey, security manager at Australian firm Missing Link Security, told SMH:
“We’ve spoken to at least a dozen or so organisations, many of which already have traditional signature-based [malware detection] technologies of various flavours and vendor solutions … that didn’t detect the virus … We believe that each iteration has been modified just enough to escape signature-based [malware] detection, even though the action of the virus is similar and the result is the same.”
The Ransom to be paid in Bitcoin
Some victims of the ransomware “Cryptolocker” have been charged as much as 1 to 2 bitcoins, equivalent to $500 to $1000. SMH reports that even a US police department had to pay the ransom to unlock their computer.
Help on the Way?
Two security companies have worked together to create a service to combat the ransomware that threatens thousands of computers worldwide. The service, called Decrypt Cryptolocker, claims to be able to decrypt files that have been encrypted by Cryptolocker. However, Aaron Bailey says that the anti-Cryptolocker service doesn’t always work:
“We have seen this [website] work in some cases to be able to decrypt files and not for others.”
The Best Solution
The best solution to unlock your computer may not be to pay the ransom. One should always have backups of the files that are important; that is one of the greatest lessons to be learned from these events. Store your valuable files in the cloud or on different servers you control, and make sure you encrypt them yourself.
“It is important to note that for many victims, paying the ransom may lead to files being returned to normal. However, because you are dealing with criminals, you should be aware this is extortion and there are no guarantees you will regain access to your data.”
A whopping 41% end up paying the ransom either way, according to a survey released in March.
CERT Australia, the federal government’s computer emergency response team, has its own recommendation on how to secure yourself from ransomware like Cryptolocker.
Images from Shutterstock, FBI and SMH.