Cryptolocker: The evolution of extortion

Cryptolocker, the latest ransomware, may be newsworthy, but it's been hyped, too, says expert

The Cryptolocker Trojan is an evolution of "ransomware," not a revolutionary change from past criminal attempts to extort money from PC owners, a security expert said today.

And the recent media blitz about the ransomware has elements of exaggeration about it.

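"There is a bit of hype," John Shier, a senior security advisor at U.K.-based Sophos, said in an interview today. "Really, this is just the latest incarnation of ransomware."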


Ransomware is a category of malware that, once on a system, encrypts files and then tries to convince users to pay to decrypt them so they can again be opened. The crimeware has been in active circulation since at least 2005, with traces harking back as far as 1989.

But reports of Cryptolocker, which first appeared earlier this year, have been more prominent and persistent than those of any of its predecessors.

Why is that?

"It's taken lessons [from those ancestors] of how to do things better," said Shier, who repeatedly argued that Cryptolocker was not revolutionary, but evolutionary in its tactics and techniques. "It's not the first to use a public key," Shier cited as an example. Public-key cryptography relies on a pair of digital keys, one public, which is stored on the victimized PC, the other private, which is not. Instead, Cryptolocker ships that private key to the cyber-criminals, who hold it until payment is received.

Cryptolocker is newsworthy for several reasons, said Shier, who ticked off the near-impossibility of cracking the encryption; the fact that each compromised PC generates its own public-key pair, so acquiring one private key doesn't help others whose machines have been infected; the encryption of not only local files, but also those on accessible networks; targeting valuable user-made content, not the operating system; and its high ransom price, which can reach into four figures.

The Swansea, Mass. Police Department, for instance, paid $650 for a pair of Bitcoins to get its files back after a PC was infected with Cryptolocker, according to a report by the Herald News of Fall River, Mass. Both Swansea and Fall River are in southeast Massachusetts.

At Tuesday's exchange rate, the Swansea Police Department's two Bitcoins would cost more than $1,300.

Sophos, however, has seen very few Cryptolocker-infected PCs among those it protects. According to Shier, of the 16 million covered by Sophos' security software, it's counted fewer than 300 infections.

Shier offered a caveat, however. "It's not that big of a deal in businesses [which is Sophos' forte] because they have other defenses in place," he said, including robust spam filters, attachment blocking and multiple layers of security. "For consumers, it would be a little worse, I think, since many don't have those kinds of tools."

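Shier sympathized with those whose files have been encrypted by Cryptolocker. Although he held to the general advice of all security experts not to pay the ransom, since paying increases the criminals' return on investment and so encourages them to continue, he said he understood why some might feel it is the only, or at least the least onerous, solution.

Sans backup, users facing Cryptolocker are basically out of luck, he acknowledged. While the malware itself can be scrubbed from a system relatively easily, the files it has encrypted will stay encrypted.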

One piece of advice, however, might help those who see the demand in the future. "Unplug the computer immediately," Shier said, pointing out that on a desktop PC, quick action may limit the damage because it takes time for the malware to encrypt every file it's targeted.

Sadly, Cryptolocker and its ilk won't disappear until there's no profit to be made. "I don't see any evidence that [ransomware] won't continue," Shier said. "It's all about the monetization. As long as there's enough profit margin, they'll keep doing it."

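Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.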


This story, "Cryptolocker: The evolution of extortion," was originally published by Computerworld.


Copyright © 2013 Raybet2
