Computer virus 'CryptoLocker' kidnaps files, holds them for ransom
MILL VALLEY, Calif. (KGO) -- A ruthless computer virus discovered last September is still terrorizing users, and now is making millions off them in the process.
Well, extortion is one of the oldest games in the book. And that's exactly the game that "CryptoLocker" plays. It essentially kidnaps your files, and holds them for ransom. And among its latest victims -- the husband of one of our own producers.
"I looked at my computer, there was a red screen on it, and on that red screen there was a countdown clock," Brian Douglass said.
It happened a few weeks after Douglass opened an email that looked like an Amazon shipping alert, but linked to a website that wasn't Amazon.com.
"I had a pretty bad feeling," he said. "But I forgot about it until the red screen showed up yesterday, which was about two or three weeks later."
Douglass's computer is infected with CryptoLocker.
Over the past few weeks it's been silently scrambling his photos, videos, and documents. And it will only un-scramble them if he pays $400 before the clock runs out.
"I went to Google and looked it up," Douglass said, "And lo and behold, Wikipedia told me I was in pretty bad trouble."
You see, CryptoLocker is notorious. It's called "ransomware" and it's the most well-written piece of this sort of malicious software that experts have come across.
"Completely unbreakable for all practical purposes," said Rambus' Cryptography Division President Paul Kocher. "Like, even if you harnessed the world's computers you wouldn't be able to break the crypto. And that's the kind of ciphers they're using here."
Kocher heads the Cryptography Division of Rambus. He says CryptoLocker uses the security world's best encryption and uses it right.
The only good option is to wipe your computer clean and restore from a backup that's more than three weeks old.
If you don't have one you're left with a choice -- lose all your data or purchase the key to unscramble it.
Bloom: "This really is a business, isn't it?"
Kocher: "Absolutely. There was one recent estimate that the perpetrators have netted somewhere around $27 million from this."
We talked to one user who did pay and did get his data back. But Kocher says not everyone does. Payments are in Bitcoin, electronic currency that's virtually untraceable.
"There's no way to know, really, who is the person behind that address that received the payment," Kocher said.
For Douglass, paying criminals is out of the question.
"I personally do not have 400 dollars' worth of files on this computer that I can't re-create," he said.
He's lost folders full of his grandmother's poetry. That he'll have to re-copy from the handwritten originals.
Though he's always been careful about what he clicks, he notes, "This time they got me."
Kocher says your best defense against CryptoLocker is to back up regularly and keep several old backups going back at least a month.
Though lots of users do pay to get their files back, he recommends you don't. If you pay, you're funding the criminals.
hacking, websites, internet, technology, jonathan bloom
- Crews demolishing building in Mission Bay fire
- Parents discuss Oakland school assaults with police
- Man looks to move forward after Peninsula boat crash
- South Bay hospital top notch for treating strokes
- Fairfield man arrested for biting off infant son's nose
- City College San Francisco protests lead to arrests
- Stockton Tunnel reopens after water line break repaired
- 2 men arrested for possessing explosives
- Baby kangaroo makes debut at zoo in Sydney
- Unexpected backlash after CPSC recalls Fitbit Force
- 5 things you may not know about Pope Francis
- Photos: Meet the stars where you live
- roundup: Vacaville police chief; South Bay fireworks
- weather: Bay Area weather forecast for Friday