Meanwhile, a UK research study found that a staggering 41% of Cryptolocker victims said they agreed to pay the ransom to get their files back, a percentage that the researchers said was “much larger than expected.”
Cryptolocker infects a victim’s PC and proceeds to encrypt all the files on the hard drive, including photos, videos, and other documents. A warning screen from the criminals tells victims to pay a ransom in electronic funds within 72 hours, or else the private encryption key held by the attackers will be lost, and the files will be inaccessible forever.
Experts tell us that paying the ransom is a fool’s game: you are gambling that the ransom-takers will follow through and give you the key to decrypt your files once you pay. But it seems enough people cave in to the demand, rather than permanently lose their personal treasure trove of digital files, to make unlocking them good business for the cybercriminals.
In the UK research survey, 17 of 41 victims said they were willing to pay the ransom-takers to get their files back. That number, 41%, is as much as 10 times higher than previous estimates by security companies. The researchers noted the potential for survey bias in their report, but the overall results showed a “much-higher than expected” number of people saying they had been victims of Cryptolocker (at around 3.4%) and other types of ransomware (6.4%).
The package delivery spam attack is the second wave of fake Royal Mail messages carrying Cryptolocker in recent months, according to the Guardian, which also reported that 10 million email addresses were targeted in the UK and there have been as many as 250,000 victims in the UK alone.
How to stay safe from Cryptolocker
There is no way to break the encryption, so even removing Cryptolocker won’t get your files back. We advise that you always keep your computer protected with security software, and back up your files so you can always retrieve them. Also, don’t open attachments in emails from people you don’t know: the cyber crooks are especially good at tricking people through social engineering.
Learn more about Cryptolocker
At SophosLabs, our own researchers have tracked Cryptolocker since it first emerged in September 2013. Our coverage of the October 2013 outbreak can be found here.