Malware demands ransom from businesses

  • Article by: VIRGINIA BRIDGES  , Raleigh News & Observer
  • Updated: January 23, 2014 - 7:51 PM

Many with infected systems find that paying up is the easiest way out.


Craig Petronella has a company in Raleigh, N.C., that helps when people or businesses are hit with a computer virus. There is a new kind of ransom virus called CryptoLocker going around that locks a computer unless money is paid electronically to the hackers.

Photo: Chris Seward, Raleigh News & Observer/MCT


“Everything was just crawling,” said Wilson, president and co-owner of Apex Cary Insurance in Apex, N.C.

Wilson called Raleigh-based Petronella Technology Group, which asked if he noticed anything like a ransom note.

Sure enough, Wilson found a pop-up on one of the monitors asking for $300 in exchange for a key that would unscramble all of the business’s files that it had encrypted.

Wilson’s company had been hit by ransomware, which is a form of malware — or malicious software — that infects a computer and its connected systems, and then demands a payment. The attackers are likely criminal organizations based in Russia and Eastern Europe.

The company’s digital files had been scrambled by CryptoLocker, a version of ransomware that first appeared in September. It has since infected about 25 million systems across the globe, about 70 percent of which are in the United States, according to Keith Jarvis, senior security researcher with the Dell SecureWorks Counter Threat Unit.

CryptoLocker appears to be spreading through e-mails that lure victims into opening them, according to a November alert issued by the U.S. Department of Homeland Security’s Computer Emergency Readiness Team.

The CryptoLocker infections offer a glimpse into criminal organizations that work together, using the Internet to gain personal information in order to sell it or use it to steal from bank accounts.

Ransomware has been around for years, but untraceable and unregulated virtual currencies have fueled increasing attacks, according to a McAfee Labs report on 2014 threat predictions.

Defense options, the report and experts said, include not opening suspicious e-mails and keeping antivirus software and patches current. An effective computer file backup structure also will minimize risk.

Dell researchers, Jarvis said, have observed CryptoLocker being distributed through cyber criminals working together to mine personal data using different malware, such as botnets — a network of infected machines that communicate with controlling cyber criminals.

Gameover Zeus, one of the most notorious and sophisticated botnets involved in online banking fraud, is distributed by the Cutwail spam botnet, which uses e-mail attachments to lure users. After an attachment has been opened, Upatre malware downloads and then executes Gameover Zeus, which brings in other malware families, including CryptoLocker.

Dell SecureWorks has seen variants of Zeus go after small and medium-sized businesses because they are usually less secure, said Elizabeth Clarke, a spokeswoman for Dell SecureWorks.

CryptoLocker victims should take an inventory of their files and have off-site backups available to recover infected data. It’s easy to remove CryptoLocker, Jarvis said, but the machine could still be hosting Gameover Zeus and other malware.

“Everything on the machine is suspect,” he said. Infected equipment should be taken to a professional, who can reinstall the operating system from a clean source.

Craig Petronella, president of Petronella Technology Group, has seen three small businesses hit with CryptoLocker since October, and each company has spent about $300 to save their data.

Petronella learned about CryptoLocker after Jerry Hall, who owns Total Systems Heating & Cooling in Spring Lake, N.C., with his wife, Brenda, shared his concerns about a pop-up on his computer.

Petronella got into the Halls’ computer system and found instructions for making a payment. The pop-up also set a deadline: ignore it and CryptoLocker would permanently encrypt all of the Halls’ files.


  • Protect your company

    Here are tips for defending your computer system against malicious software:

    • Use an effective, up-to-date antivirus program.

    • Be cautious when opening e-mails and attachments from unknown senders and when visiting small, hosted websites that feature community forums.

    • Make sure computers are up to date with the latest patches.

    • Upgrade firewall to a unified threat model that scans files as they enter your system.

    • Regularly test your data backup system.

    • Dell SecureWorks Counter Threat Unit recommends regularly backing up data to offline storage. CryptoLocker will encrypt files that are in network-attached or cloud-based storage.
