CryptoLocker Virus at NASA
Even NASA Got Infected With ‘CryptoLocker’ Ransomware, Motherboard
“Between September 2013 and June 2014, a virus known as CryptoLocker infected around 500,000 computers around the world. Designed to lock data on a victim’s computer and hold it for ransom, it ended up extorting an estimated $3 million from victims who agreed to pay rather than lose their files. Among those victims of Cryptolocker were two NASA computers, according to an internal document obtained by Motherboard. The ransomware virus infected a computer at the NASA Ames Research Center in California on October 23, 2013, “resulting in the loss of access to NASA data,” according to the document. It also hit another computer at the visitor center of the Kennedy Space Center in Florida two days later. The document was prepared by the NASA Office of Inspector General, and is scant on details.”
Time the developers and operators of CryptoLocker were found and arrested. To be held without bail on the grounds that this is a continuing offence. Their bank accounts frozen and assets confiscated as proceeds of crime.
Virus checkers upgraded to detect CryptoLocker. The DOD is the regulatory agency for that. The how-to-decrypt information should be published, possibly as a computer program.
Trying to find the people distributing/using CryptoLocker is likely to be as successful as hunting hackers. As for decrypting infected computers, if it were easy it would be likely that someone would have already found a way. I wouldn’t count on decryption being a solution in the near future.
Maybe not in the near future, but almost a year ago:
http://www.pcworld.com/arti…
As for the authors, they were found, too, over a year ago:
http://www.usatoday.com/sto…
In a blackmail situation you catch the perpetrators by following the money.
Following Bitcoins is like trying to follow a trail in complete darkness.
You can’t freeze a Bitcoin wallet. It will be difficult to find them also. They did manage to find the Silk Road guy, but that was through a combination of various hints, good police work, and maybe some white hat hacking. http://arstechnica.com/tech…
If it uses solid encryption practice (not all do and it can be difficult to), there really isn’t any “how to decrypt information” without the key, or some extremely unlikely breakthrough in decryption of the encryption algorithm used. This one must have had a vulnerability that maybe the developer was comfortable with, and the security researchers were able to find, but the next one might not. And finding the people would help, but the code bits are out there for other people to use too. So yeah, it’s really down to good practices and virus checkers, but it’s a difficult one. And of course backups!
I’m a programmer that uses encryption and I work for a data recovery company.
No problem. Just use the backups. Right?
Some variants can be recovered from fully or partially (usually with the help of a data recovery firm), and others do “proper” encryption and there is no getting the files back without the key. Of course paying the ransom just increases the likelihood that more bad guys will put their efforts into it.