Wednesday, October 23, 2013

CryptoLocker Ransomware & WhatsApp Scam - What Are They?

Ransomware is the generic term for a malicious virus that will typically render your computer inoperable and ask you to pay a fee or ransom to regain control. These threats can usually be removed without paying up, by using a decent anti-virus program or malware removal program.

CryptoLocker is different. Your computer and software keep on working, but your personal files, such as documents, spreadsheets and images, are encrypted.

CryptoLocker is a ransomware program that was released around the beginning of September 2013. This program will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 to 96 hours to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files.

This infection is typically spread through emails sent to company email addresses that pretend to be customer support notices from Fedex, UPS, DHS, etc. These emails contain a zip attachment that infects the computer when opened. The zip files contain executables disguised as PDF files: they carry a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Windows hides known file extensions by default, they look like normal PDF files and people open them.
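As an added illustration of the disguise described above (this is example code, not anything from the original post), the following scanner inspects a zip attachment and flags members that are executables hiding behind a document-style double extension, or that carry a PE "MZ" header under a harmless-looking name. The sample zip it builds is constructed inline and contains no real malware.

```python
import io
import zipfile

# Extensions that Windows will run when the user double-clicks the file.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Document-style extensions a lure typically imitates (e.g. FORM_101513.pdf.exe).
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}

def classify_name(name):
    """Return a reason string if the file name looks like a disguised executable, else None."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    if len(parts) < 2:
        return None
    last = "." + parts[-1]
    if last not in EXECUTABLE_EXTENSIONS:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTENSIONS:
        return "double extension hides executable (%s)" % name
    return "executable inside attachment (%s)" % name

def suspicious_members(zip_bytes):
    """Scan an in-memory zip attachment and list members that look like disguised executables.
    Checks both the file name and the first two bytes (Windows PE files start with 'MZ')."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reason = classify_name(info.filename)
            with zf.open(info) as fh:
                magic = fh.read(2)
            if magic == b"MZ" and reason is None:
                reason = "PE header in file with non-executable name (%s)" % info.filename
            if reason:
                findings.append((info.filename, reason))
    return findings

def build_sample_attachment():
    """Constructed sample zip shaped like the lures described above (not a real malware sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FORM_101513.pdf.exe", b"MZ" + b"\x00" * 62)  # disguised executable
        zf.writestr("invoice.pdf", b"%PDF-1.4\n%constructed")      # benign document
        zf.writestr("readme.txt", b"MZ" + b"\x00" * 62)           # PE bytes under a text name
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in suspicious_members(build_sample_attachment()):
        print(name, "->", reason)
```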

Please be aware that currently there is no tool that will successfully decrypt the locked-up files. The virus itself can be removed, and the files may be recovered from an unaffected backup, if one is available, or by using the Windows built-in shadow copy feature to restore an earlier version of a file.

The WhatsApp Scam starts with an email looking like this -

It says that you have received a voicemail and suggests that you download a small application to listen to it. It tricks the user into thinking that this is related to the legitimate IM application, WhatsApp. After it installs, it disables your computer and demands a payment to return the computer's functionality. It can also attack a smartphone, such as an Android phone. The virus can be removed from your computer, but it will take several hours.

These two latest malware scams show the importance of maintaining a good computer security program and having an up-to-date backup of your critical information, preferably offsite.

Wednesday, August 7, 2013

FBI Virus

A client called and said that he had the FBI virus on his computer. He was just on the internet when his computer was locked with a blue screen supposedly from the FBI. The screen spoke of a legal violation and demanded immediate payment by a MoneyPak purchased from Walmart or CVS. This is obviously a "ransomware" scam. The sender of this scam hopes that by scaring the computer user and locking the computer, they will be the recipient of a ransom payment.

I booted the computer up with Hiren's Boot CD (http://www.hiren.info/pages/bootcd). This allowed the computer to bypass the hard drive and boot solely from the CD. Once booted into a graphical GUI environment, I was able to reach the internet, download the latest version of Malwarebytes (one of the better malware and spyware removal tools) and remove the virus.

The computer was back to normal after a 2-3 hour scan and the client was a happy camper.