Computer virus 'CryptoLocker' kidnaps files, holds them for ransom
MILL VALLEY, Calif. (KGO) -- A ruthless computer virus discovered last September is still terrorizing users, and now is making millions off them in the process.
Well, extortion is one of the oldest games in the book. And that's exactly the game that "CryptoLocker" plays. It essentially kidnaps your files, and holds them for ransom. And among its latest victims -- the husband of one of our own producers.
"I looked at my computer, there was a red screen on it, and on that red screen there was a countdown clock," Brian Douglass said.
It happened a few weeks after Douglass opened an email that looked like an Amazon shipping alert, but linked to a website that wasn't Amazon.com.
"I had a pretty bad feeling," he said. "But I forgot about it until the red screen showed up yesterday, which was about two or three weeks later."
Douglass's computer is infected with CryptoLocker.
Over the past few weeks it's been silently scrambling his photos, videos, and documents. And it will only un-scramble them if he pays $400 before the clock runs out.
"I went to Google and looked it up," Douglass said, "And lo and behold, Wikipedia told me I was in pretty bad trouble."
You see, CryptoLocker is notorious. It's a kind of malware called "ransomware," and it's the most well-written piece of this sort of malicious software that experts have come across.
"Completely unbreakable for all practical purposes," said Rambus' Cryptography Division President Paul Kocher. "Like, even if you harnessed the world's computers you wouldn't be able to break the crypto. And that's the kind of ciphers they're using here."
Kocher heads the Cryptography Division of Rambus. He says CryptoLocker uses the security world's best encryption and uses it right.
The only good option is to wipe your computer clean and restore from a backup that's more than three weeks old.
If you don't have one, you're left with a choice -- lose all your data or purchase the key to unscramble it.
Bloom: "This really is a business, isn't it?"
Kocher: "Absolutely. There was one recent estimate that the perpetrators have netted somewhere around $27 million from this."
We talked to one user who did pay and did get his data back. But Kocher says not everyone does. Payments are in Bitcoin, an electronic currency that's virtually untraceable.
"There's no way to know, really, who is the person behind that address that received the payment," Kocher said.
For Douglass, paying criminals is out of the question.
"I personally do not have 400 dollars' worth of files on this computer that I can't re-create," he said.
He's lost folders full of his grandmother's poetry, which he'll have to re-copy from the handwritten originals.
Though he's always been careful about what he clicks, he notes, "This time they got me."
Kocher says your best defense against CryptoLocker is to back up regularly and keep several old backups going back at least a month.
Though lots of users do pay to get their files back, he recommends you don't. If you pay, you're funding the criminals.