Cryptolocker has you between a back-up and a hard place

Most were epic fails and could hardly even be called cryptoviruses. The AIDS trojan, CryZip, Skowor, and Arhiveus are all examples of attempts to produce a virus that could hijack a computer’s files, but all achieved only limited success because the brains behind them didn’t quite make the grade. More technically, they didn’t use public key encryption, so the key could be recovered by reverse engineering the malware itself, and victims could get their files back without paying.

The first real threat was the PGPCoder/GPCode family of cryptoviruses. The author behind this malware updated it every time antivirus companies announced a breakthrough, using trial and error to stay ahead of the game.

The authors of Cryptolocker, on the other hand, seem to have got the recipe right the first time. That would suggest they are well-educated people who are versed in cryptography. But even these smart cookies don’t appear to have read the papers produced by the Columbia researchers since they haven’t implemented the virus in exactly the way Yung and Young suggested.

A recent survey of just over 1,500 U.K. computer users showed that 3.4 percent said they had been affected by the Cryptolocker virus, suggesting that many more people than expected could have fallen victim. Of those who had been affected, a shocking 41 percent claimed to have paid the ransom.

If these figures play out across the general U.K. population, we are looking at a multi-million pound operation — one of the most successful of its kind.

Bitcoin has played an important role in Cryptolocker’s success, which might partially explain why it has thrived where others have failed. Before Bitcoin, it was easier to investigate online payments. Now, with cryptocurrencies like this, ransom payments are hard to trace.

The battle continues
At least some of the ill-gotten gains secured from Cryptolocker are likely to be reinvested. The criminals behind it will likely pay for access to bigger botnets to reach a wider base of victims. Future versions of the virus will in all likelihood be more prevalent and will extend across other platforms, like smartphones and tablets.

This is the easy part though. Once you’ve got the code, infecting millions of computers is relatively straightforward. It’s making users pay that will become an increasingly challenging area for the criminals.

Let’s hope that they still haven’t wised up to using academic writings as a source of inspiration. Some of the more recent work of the Columbia duo, as well as some of the research going on at my university, would prove very handy indeed.

Convincing a customer (even an unwilling one) to pay is basically an economic problem and involves techniques such as extortion, bargaining, price discrimination, and similar classical economic techniques. All kinds of tips on how to make this work to the criminal’s advantage are out there in economic theory. There are also quite interesting examples of biological viruses and bacteria that have persisted for millions of years in relationships with their hosts that resemble blackmail. That, too, could help forecast criminals’ future strategies.

Back up everything
But for now there is one very simple, clear-cut action to take if you want to avoid falling into the hands of Cryptolocker. It is a highly sophisticated tool, but the worst can be avoided with very simple precautions: You must regularly back up all your data. You should do it carefully, using offline backups like an external hard drive that can’t be easily accessed by malware once it has entered your system.
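A backup is only useful if you can tell, before you restore from it, that it is still the copy you made. The script below is an added illustration of that point (it is not code from the article): it copies a folder to a backup location, writes a SHA-256 manifest beside the copy, and later checks the copy against that manifest so that a file whose contents were silently replaced shows up before you rely on it. All names (`back_up`, `verify`, `on_same_filesystem`, `demo`) and the sample files are constructed for this example; only the Python standard library is used.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

# The manifest is written next to the backup copy, outside the copied tree,
# so it is never confused with the user's own files.
MANIFEST_SUFFIX = ".manifest.json"


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative path, POSIX separators) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def on_same_filesystem(a: Path, b: Path) -> bool:
    """True if both paths sit on one device; a backup there is not offline in any sense."""
    b_probe = b if b.exists() else b.parent
    return os.stat(a).st_dev == os.stat(b_probe).st_dev


def back_up(source: Path, dest: Path) -> dict:
    """Copy the source tree to dest, then record a manifest of the copy's hashes."""
    if dest.exists():
        shutil.rmtree(dest)
    shutil.copytree(source, dest)
    manifest = build_manifest(dest)
    manifest_path = dest.with_name(dest.name + MANIFEST_SUFFIX)
    manifest_path.write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return manifest


def verify(dest: Path) -> list:
    """Return relative paths whose content no longer matches the manifest (changed or missing)."""
    manifest_path = dest.with_name(dest.name + MANIFEST_SUFFIX)
    expected = json.loads(manifest_path.read_text())
    actual = build_manifest(dest)
    return sorted(p for p, h in expected.items() if actual.get(p) != h)


def demo() -> tuple:
    """Constructed scenario: back up two files, overwrite one copy, verify before and after."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp, "documents")
        (source / "notes").mkdir(parents=True)
        # Constructed sample data standing in for a user's files.
        (source / "notes" / "todo.txt").write_text("renew backup drive\n")
        (source / "report.docx").write_bytes(b"PK\x03\x04 constructed sample bytes")

        dest = Path(tmp, "external_drive", "documents")
        dest.parent.mkdir()
        back_up(source, dest)
        clean = verify(dest)  # fresh backup: nothing differs

        # Simulate the backup copy being overwritten after the fact (for instance
        # by malware that reached a drive left connected): same name, new content.
        (dest / "notes" / "todo.txt").write_bytes(os.urandom(32))
        tampered = verify(dest)
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean backup, mismatches:", before)
    print("after overwrite, mismatches:", after)
```

In real use, run `back_up` with the drive connected, disconnect it, and run `verify` again right before any restore; `on_same_filesystem` is there to refuse a destination that is just another folder on the system disk, which is exactly the kind of "backup" the malware can reach along with everything else.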

In the meantime, we in academia will keep working to stay ahead of the criminals, by twenty years or more.

Julio Hernandez-Castro is Lecturer in Computer Security at University of Kent. This story is published courtesy of The Conversation (under Creative Commons-Attribution/No derivatives).