
The world around us is changing at an accelerated pace; technologies become obsolete within months of their creation. Threats evolve at the same rate, and in this digital era we have to stay aware of them. Ransomware is malicious software, written by black-hat actors, that encrypts a victim's data or locks the screen for the sole purpose of extracting a ransom. Once executed, it denies the user access to their files and demands payment, typically in a cryptocurrency such as Bitcoin or through prepaid cards such as MoneyPak and Green Dot. The first extortion malware appeared around 1989 as an experiment, but it was a design failure: its encryption could be reversed without paying. Researchers formalized the concept of "ransomware" in the late 1990s, but it was not a practical threat because there was no anonymous digital payment channel. Only around 2005, once digital payment systems were in use, did ransomware become prominent.

The main impact of ransomware was felt from autumn 2013 to summer 2014, when Cryptolocker struck the business world and extorted an estimated 3 million USD. Cryptolocker hit like a hurricane and was only the beginning of a new chapter in information security. Although it was taken down within a short time, many similarly named or similarly operating ransomware families have since appeared and are still active today. Affected files could not be recovered without paying the ransom, and in some cases they were not recovered even after payment. Given the scale of the damage, an organized group rather than a lone individual was almost certainly behind the operation. The use of cryptocurrency has made it difficult even for law-enforcement agencies to trace these


Since Windows runs on roughly 90% of desktop computers at work and at home, the impact of Cryptolocker fell mainly on Microsoft's platform. Quick responses were needed to contain the effect, but owners of systems that were already infected still had to pay the ransom to get their files back. Microsoft produced a number of mitigation plans and recommendations, which are discussed later in this paper.



1.  Cryptolocker

Cryptolocker was one of the earliest ransomware families to hit the wider cyber world, and it forced professionals to take information security more seriously. According to experts the campaign ran from 5 September 2013 to late May 2014, spreading worldwide through email attachments and the Gameover ZeuS botnet. Unlike its predecessor, that botnet used encrypted peer-to-peer communication, which made it harder for law enforcement to map and take down. Cryptolocker used a hybrid scheme: each file was encrypted with AES, and the AES key was in turn encrypted with a 2048-bit RSA public key whose private half stayed with the attackers. RSA-2048 is still considered unbreakable by brute force, so the cryptography itself offers no way in.

Cryptolocker usually arrives in the mailbox as a file named like "document.pdf.exe"; because Windows hides known file extensions by default, it shows up as "document.pdf" and is mistaken for an ordinary PDF. When run, Cryptolocker copies itself under a randomly generated name into the user's profile (the Documents and Settings or AppData folders) and adds a registry run key so that it starts every time the system boots. It then tries to contact a series of pseudo-random domains until a command-and-control server answers, and registers the infection (an identifier for the victim machine) with that server. The server generates an RSA key pair for this victim and sends only the public key back to the infected computer. The malware then encrypts files: each file gets a fresh AES key, and that key is encrypted with the 2048-bit RSA public key, so the files can be decrypted only with the private key that never leaves the server. Cryptolocker works from a fixed list of file extensions to encrypt; that list is shown in an image at the end. Once every reachable file has been encrypted, either the desktop background changes or a window pops up, the so-called "Payment Page". It displays the message "Your personal files are encrypted" with a 72-hour countdown, after which, it claims, the private key will be destroyed and the files lost for good. A Next button at the bottom right leads to the payment options, usually Bitcoin or MoneyPak, and a ransom of about USD 300 is demanded. Cryptolocker could also spread by other routes, for example by being dropped through a backdoor already present on a network.
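The delivery trick described above can be caught mechanically. The following PowerShell script is an added example written for this article, not code from the original paper or from any vendor mentioned in it. It walks a folder of saved mail attachments (the folder path and both extension lists are assumptions) and flags a file if its real extension is one Windows will execute, if a document extension hides just in front of it as in "invoice.pdf.exe", or if its content begins with the "MZ" signature of a Windows executable regardless of what the name says.

```powershell
# Added example for this article (not from the original paper or any vendor).
# Assumes a folder of attachments saved from a mailbox; the path and the
# extension lists below are assumptions, adjust them to your environment.
param(
    [string]$AttachmentDir = "$env:USERPROFILE\Downloads\attachments"
)

# Extensions Windows runs directly when double-clicked (PE files, scripts, control panel items).
$executableExt = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.jse',
                   '.vbs', '.vbe', '.wsf', '.hta', '.cpl', '.msi')
# Extensions a user expects to open harmlessly in a viewer.
$documentExt   = @('.pdf', '.doc', '.docx', '.xls', '.xlsx', '.ppt', '.pptx',
                   '.txt', '.rtf', '.jpg', '.jpeg', '.png', '.gif', '.zip')

function Test-SuspiciousAttachment {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    $reasons = @()
    $parts   = $File.Name.ToLowerInvariant().Split('.')
    $last    = '.' + $parts[-1]

    # 1. The real (last) extension is one Windows will execute.
    if ($executableExt -contains $last) {
        $reasons += "executable extension '$last'"
        # 2. ...and a document extension sits just before it: "invoice.pdf.exe".
        #    Because Explorer hides known extensions, the user sees "invoice.pdf".
        if ($parts.Count -ge 3 -and ($documentExt -contains ('.' + $parts[-2]))) {
            $reasons += "double extension: looks like a .$($parts[-2]) file"
        }
    }

    # 3. Content check independent of the name: a Windows PE starts with "MZ".
    #    Catches an executable renamed to "report.pdf" that a later step could still run.
    if ($File.Length -ge 2) {
        $header = New-Object byte[] 2
        $stream = $File.OpenRead()
        try     { [void]$stream.Read($header, 0, 2) }
        finally { $stream.Dispose() }
        if ($header[0] -eq 0x4D -and $header[1] -eq 0x5A) {
            $reasons += 'content is a PE executable (MZ header)'
        }
    }

    [pscustomobject]@{
        Name       = $File.Name
        SizeBytes  = $File.Length
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = ($reasons -join '; ')
    }
}

# Scan the folder and list only the hits.
Get-ChildItem -Path $AttachmentDir -File -Recurse |
    ForEach-Object { Test-SuspiciousAttachment -File $_ } |
    Where-Object { $_.Suspicious } |
    Format-Table -AutoSize
```

Run it against a quarantine or attachment-export folder. The MZ check is the one that matters most: renaming a file does not change what Windows does with it once a user is tricked into launching it, so the name-based checks alone are not enough.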

Windows is the most widely used operating system in the world; people run it at home, at work and anywhere else it fits. It holds close to 90% of the desktop market, followed by macOS with roughly 8-10%. Because Windows is everywhere, it is no surprise that black hats target Windows vulnerabilities more than those of any other operating system. One might suggest simply abandoning Windows, on the grounds that macOS and Linux are more secure, so that the attacks would stop altogether. In reality, those systems would not stay that secure once they became the main target, and the switch would throw corporate infrastructure into chaos. It is therefore better to raise the level of security and mitigate vulnerabilities through a combined effort by Microsoft and the companies that use its products. Microsoft and many other companies have in fact produced mitigation plans for ransomware, which are discussed below.

Solution, Prevention and Mitigation

First and foremost, when a user finds the system infected by Cryptolocker, it should be disconnected from the network immediately. If the malware has not yet reached its command-and-control server it cannot obtain the public key and cannot begin encrypting; if it already has, isolating the host at least stops it from encrypting files on mapped network shares and from spreading to other machines. Files that are already encrypted are practically impossible to decrypt without the private key; the only ways to obtain it are to pay the attacker or to wait for law enforcement to release recovered keys.

Keeping backups is good practice, and restoring from backup is the best recovery from a ransomware attack. Another solution to Cryptolocker came from a Dutch IT security firm that obtained the victims' private keys when the Gameover ZeuS botnet was taken down by law enforcement. Later, security appliances and software appeared that can prevent a Cryptolocker infection, and if an infected file does get onto the system, these specialized tools can block its connection to the command-and-control server. Examples are the Kaspersky anti-ransomware tool, the Malwarebytes anti-ransomware tool and WatchGuard's XTM appliance. Nowadays most antivirus products include such an anti-ransomware component.

Preventing Cryptolocker has become harder over time because each version is more aggressive than the last. Backing up files alone does not prevent the problem in the current scenario; users must also watch how their system behaves. While browsing, unknown or unsecured sites should be avoided. Windows should be configured to show full file extensions, and the mail filter should block executable attachments such as ".exe". On top of that, users should be careful when opening new emails, from known as well as unknown senders, since they may be phishing emails. A further important preventive measure is to disable Remote Desktop Protocol (RDP) where it is not needed and to block programs from running out of the AppData and Local AppData folders.
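The host-level settings recommended in this section can be applied with a few commands. The following PowerShell script is an added example for this article, not a script from the original paper or from Microsoft. It assumes an elevated prompt on a Windows version that ships the NetSecurity module, and the rule description, the wildcard patterns and the freshly generated GUID names for the policy entries are choices made here rather than Microsoft-defined values. It shows file extensions, disables incoming Remote Desktop, and creates Software Restriction Policy path rules that block executables launched from %AppData% and %LocalAppData%, where Cryptolocker dropped its randomly named copy.

```powershell
# Added example for this article (not from the original paper or from Microsoft).
# Run from an elevated PowerShell prompt. Assumes a Windows version with the
# NetSecurity module (Windows 8 / Server 2012 or later).

# 1. Show full file extensions, so "invoice.pdf.exe" is no longer displayed as "invoice.pdf".
#    This value is per user; apply it for each account that reads mail on the machine.
Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' `
    -Name 'HideFileExt' -Type DWord -Value 0

# 2. Refuse incoming Remote Desktop connections and close the matching firewall rules.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name 'fDenyTSConnections' -Type DWord -Value 1
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue

# 3. Software Restriction Policy (SRP): keep the default level Unrestricted, but add
#    Disallowed path rules for executables under the user profile's AppData folders.
$safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
New-Item -Path $safer -Force | Out-Null
Set-ItemProperty -Path $safer -Name 'DefaultLevel'        -Type DWord -Value 0x40000 # Unrestricted
Set-ItemProperty -Path $safer -Name 'TransparentEnabled'  -Type DWord -Value 1       # enforce, all software except DLLs
Set-ItemProperty -Path $safer -Name 'PolicyScope'         -Type DWord -Value 0       # all users, local admins included
Set-ItemProperty -Path $safer -Name 'AuthenticodeEnabled' -Type DWord -Value 0

# Level 0 is "Disallowed"; each rule is a GUID-named subkey under its Paths key.
$disallowedPaths = Join-Path $safer '0\Paths'
New-Item -Path $disallowedPaths -Force | Out-Null

# Wildcard patterns chosen here (assumption): executables directly in AppData or one
# folder down, which covers where Cryptolocker wrote its randomly named copy.
$blockPatterns = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe'
)

foreach ($pattern in $blockPatterns) {
    $ruleKey = Join-Path $disallowedPaths ('{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $ruleKey -Force | Out-Null
    Set-ItemProperty -Path $ruleKey -Name 'ItemData'    -Type ExpandString -Value $pattern
    Set-ItemProperty -Path $ruleKey -Name 'SaferFlags'  -Type DWord        -Value 0
    Set-ItemProperty -Path $ruleKey -Name 'Description' -Type String `
        -Value 'Block execution from profile data folders (anti-Cryptolocker)'
}

# 4. Print the patterns now in force so the change can be verified before logging off.
Get-ChildItem -Path $disallowedPaths |
    ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ItemData }
```

Log off and back on (or reboot) so the Software Restriction Policy is applied to newly started processes, and test the rules before rolling them out: legitimate software that installs or updates itself under AppData (some browsers and chat clients do) will be blocked too and needs its own Unrestricted path rule.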


The world evolves every day, and new threats appear every day along with new technologies. We cannot prevent the risk of ransomware or other malware altogether; instead we should be prepared to mitigate the problem when it occurs. The most effective and fundamental way to blunt these attacks is awareness. Everyone from a child to an elderly person now uses digital devices, and knowing about this malware removes the easy wins. It becomes much harder for black hats to carry out a successful attack, because most attacks succeed only when people are unaware of trojans, phishing and other malware. In an office the network is protected by up-to-date policies, firewalls and software, but at home users need to be extra cautious because the home network has no such added protection by default. Antivirus alone cannot detect all malware, so additional software should be installed for proper protection, for example:

Real-time protection: Kaspersky Total Security

Malware scanner: Malwarebytes

Content blocker: Adblock

System utilities: CCleaner

Data backup: Rollback Rx (free)