Ever since computers have existed, malicious software has evolved through various stages of destruction and mayhem. Over the past few years, the more objective-oriented adversaries have focused their efforts on quietly stealing either credentials to financial websites or intellectual property and secrets.
In the ongoing analysis of fraud cases and threat intelligence spanning more than a decade, a pattern emerges that reflects a reality in cybersecurity today: active threats from Eastern Europe (predominantly Russia) mount attacks to steal money, while active threats from China mount attacks to steal trade secrets (one could argue that China already has a significant financial stake in the US, so they don't want to rob themselves).
The Russians are currently distributing, with great success, one of the most destructive genres of malware, dubbed ransomware. This ransomware, CryptoLocker, has evolved over the past year from being merely a nuisance into a tool that successfully extorts money from its victims: pay up, or they will never be able to access their files again, and businesses could then face shutdown.
The ransomware is currently designed only for Microsoft Windows platforms, which affects the majority of individuals and businesses. There are currently no variants for Apple OSX, Linux or mobile/tablet devices. However, financially motivated malware has been designed for Android in the past and, given this success, might be again.
CryptoLocker is predominantly delivered through phishing emails claiming to be from FedEx or UPS regarding a supposed package shipment. An attachment to the email contains the CryptoLocker ransomware, which encrypts files on the local hard drives, network-attached drives, and attached external media (USB flash drives). While decrypting encrypted files is sometimes possible once the software has been dissected, that luxury is not available with this malware right now.
This destructive malware has wreaked havoc for both businesses and individuals who need access to their files. In some instances, even the "trusted" backups of the files are encrypted.
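Because the malware reaches every drive the victim can write to, including mapped backup shares, a defender wants an early signal that files on those volumes have been replaced with ciphertext. The script below is an added example written for this page (it is not CryptoLocker code, nor a vendor tool, and it reproduces nothing of the malware). It assumes the defender has planted small known-content "canary" files on local, network and removable drives and recorded their SHA-256 in a manifest; a later sweep reports canaries that went missing or changed, and uses a Shannon-entropy check to tell an encrypted overwrite (near 8 bits per byte) from an ordinary edit. The sample directory tree, the sentinel text and the ciphertext stand-in are all constructed inline so the example runs offline.

```python
"""Canary-file and entropy sweep for spotting a mass-encryption event.

Added example, not code from the original article. Assumptions: canaries are
small sentinel files the defender controls; a manifest of their hashes was
taken at a known-good time; anything written over them with near-maximal
entropy is treated as an encryption event worth alerting on.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter

# Sentinel content: ordinary text, so its entropy is far below 8 bits/byte.
CANARY_TEXT = b"CANARY: plain text sentinel, do not modify.\n" * 4


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large canaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext sits near 8.0, plain text well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def plant_canaries(root: str, rel_paths) -> dict:
    """Write the sentinel at each location and record its hash (the manifest)."""
    manifest = {}
    for rel in rel_paths:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(CANARY_TEXT)
        manifest[rel] = sha256_of(path)
    return manifest


def sweep(root: str, manifest: dict, entropy_threshold: float = 7.0) -> dict:
    """Compare each canary with its manifest hash and classify what changed."""
    findings = {}
    for rel, expected in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.exists(path):
            findings[rel] = "missing"          # deleted or volume gone
            continue
        if sha256_of(path) == expected:
            continue                           # untouched, nothing to report
        with open(path, "rb") as f:
            data = f.read()
        findings[rel] = ("modified-high-entropy"
                         if shannon_entropy(data) >= entropy_threshold
                         else "modified")
    return findings


def demo() -> dict:
    """Constructed scenario: three canaries on a 'docs', 'backup' and 'usb'
    location; one is overwritten with ciphertext-like bytes, one is deleted,
    one is left alone."""
    with tempfile.TemporaryDirectory() as root:
        manifest = plant_canaries(
            root, ["docs/canary.txt", "backup/canary.txt", "usb/canary.txt"])
        # Constructed stand-in for ciphertext: a byte sequence with a perfectly
        # flat histogram (entropy exactly 8 bits/byte). 7919 mod 256 is odd, so
        # i*7919 mod 256 cycles through all 256 values, 16 times over 4096 bytes.
        fake_ciphertext = bytes((i * 7919) % 256 for i in range(4096))
        with open(os.path.join(root, "docs/canary.txt"), "wb") as f:
            f.write(fake_ciphertext)
        os.remove(os.path.join(root, "usb/canary.txt"))
        return sweep(root, manifest)


if __name__ == "__main__":
    for rel, kind in sorted(demo().items()):
        print(f"{kind:24s} {rel}")
```

In a real deployment the manifest lives off the monitored volumes (otherwise the encryptor takes it too), the sweep runs on a schedule from a host with read-only access to the shares, and a "missing" or "modified-high-entropy" result on the backup location is the signal that the offline copy, not the mapped one, is the only trustworthy restore point.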