Reports say cybercriminals are taking advantage of the recent news coverage around CryptoLocker to launch a phishing attack that tricks victims into paying for bogus software.
Bullguard Security says it has identified a spam email campaign that offers a CryptoLocker “decryption tool,” which it claims can restore access to files that CryptoLocker has infected and encrypted.
Attackers are hoping to exploit the anxiety of users who have recently heard or read about CryptoLocker. The Today Show aired a segment on CryptoLocker just this morning, warning users against opening unfamiliar emails and reporting that several copycats are on the way.
One of those copycats – called Cryptowall – is now following in CryptoLocker’s footsteps, collecting tens of thousands of dollars in only a few weeks.
As we explained in our CryptoLocker Tech Guide, CryptoLocker is ransomware that encrypts a victim’s files and demands payment before restoring access. The malware’s encryption scheme cannot be broken by any standalone tool, and the only way to recover from an infection is to restore one’s files from a previously saved backup.
Users who download the “decryption tool” are actually installing malware, Bullguard says. The program claims to scan the user’s computer, reports severe registry errors, and says it can fix them only if the user pays for the full software.
That payment, of course, ultimately only funds the criminals behind this social engineering scheme.
The Bullguard alert speculates that more cybercriminals could take advantage of the media hysteria around CryptoLocker to trick victims into downloading fake decryption tools or remedies.
In reality, CryptoLocker is mostly on the ropes. Our own Paul Hanley blogged last week that, thanks in part to the U.S. Justice Department’s investigations this spring, the command and control servers behind CryptoLocker have been shut down, rendering the virus ineffective.
What’s the best way for IT services providers to protect their clients?
Keep your SMBs informed – Let your customers know spammers may try to convince them their system has been infected to trick them into downloading bad software.
Follow basic security best practices – Instruct your SMBs not to open suspicious emails or download strange attachments.
Manage security software – Your customers shouldn’t be installing any security software you haven’t approved, including those claiming to be “decryption tools” or malware remover kits.
Protect your SMBs’ data – If you take a proactive approach to backup, you can ensure your clients have a clean set of data to restore if they are hit by a malware infection.