The new plague: Computer viruses that extort you

July 10, 2014: 11:20 AM ET
cryptolocker
The FBI cut off communication between the Cryptolocker ransomware network and victims' computers. But the virus lives on.
NEW YORK (CNNMoney)

Ransomware, a particularly annoying breed of computer virus, is spreading like the plague. This malware locks you out of your computer files until you pay up -- and it is proving incredibly difficult to exterminate.

A major ransomware operation called Cryptolocker was supposedly halted by the FBI in May. Not so fast, security experts say. It's only a setback.

Cryptolocker used a massive network of hijacked computers called a "botnet" to spread the virus. The FBI, foreign law enforcement and private security companies teamed up to cut off communication between that botnet and victims' devices. They seized Cryptolocker's servers and replaced them with their own.

But as antivirus maker Bitdefender points out, all that accomplished was to stop Cryptolocker's virus delivery system. Cryptolocker lives on, and its criminal masters just need to find a new botnet to start delivering viruses to new computers once again.

If the criminals tweak the virus' code and find a different set of servers, law enforcement is back at square one.

How safe are you? Read CNNMoney's cybersecurity Flipboard

"All the attackers need to do is update the malware," said Bogdan Botezatu, Bitdefender's senior threat analyst.

In just nine months, Cryptolocker had kidnapped the files of 400,000 people -- most of them Americans. Victims were told to pay $300 within three days in order to receive the key to their files. Only a tiny fraction of them paid up, but the criminals still collected more than $4 million.

"This is a cyber stickup," said Julie Preiss, an executive at Damballa, a cybersecurity firm that assisted the FBI operation.

Even after Cryptolocker was disrupted, victims can still pay the ransom. But without the ability to communicate with Cryptolocker's network, the victims won't be able to get the keys to unlock their files. Those are gone forever.

And now copycats are popping up just about everywhere.

Who gets caught in the NSA's net?

Cryptowall is the most widespread. Researchers at Dell SecureWorks took a tiny snapshot of the entire network and spotted 9,798 infected devices -- about half in the United States. Among the damage: computer files at a small town's police department in New Hampshire. SecureWorks researcher Keith Jarvis estimates Cryptowall is raking in about $150,000 a week.

BitCrypt and CryptorBit found a sneaky way to avoid law enforcement by hiding the locations of the botnet's servers. Researchers at ESET discovered a malware called Simplocker that hijacks files on Android devices. CryptoDefense is another raking in money.

Stopping them won't be easy, said Stephen Cobb, a senior security researcher at ESET.

"The bad guys recognize that Ukraine or Thailand -- countries without effective governments at this point -- are great places for doing this stuff," he said. "Dealing with the problem becomes a geopolitical thing."

Get used to the term ransomware. It's here to stay.


Search for Jobs