|Home » Learning Curve » Red Hat Diaries
CryptoLocker's Cruel Joke
But will the Windows eejits get it?
WORLD OF WINDOWS (Radsoft) — There's a new critter about, and it's a nasty one, and it should make the writing on the wall plainer for all Windows (l)users to see, but will they finally after all these years 'get it'?
Krebs on Security
Brian Krebs covers the dilemma of CryptoLocker better than anyone, just as he covers most security issues better than anyone.
First and most important to understand: CryptoLocker is 'ransomware'. Thanks to the great architecture of Windows, the malware can choose from myriad gaping security holes to 'own' your machine, and thereafter encrypt all your files using AES-2048. Then you are notified of what's happened, and you can pay €300 to have your files unencrypted again.
The CryptoLocker ransom screen. Pay up or you are fucked. There is no alternative.
'The trouble with CryptoLocker is not so much in removing the malware', writes Krebs. 'The real bummer is that all of your important files - pictures, documents, movies, MP3s - will remain scrambled with virtually unbreakable encryption unless and until you pay the ransom demand, which can range from $100 to $300 (and payable only in Bitcoins).'
The 'virtually' in 'virtually unbreakable encryption' is conservative: the famous WikiLeaks insurance file used AES-256 for encryption, and no one came close to cracking it. AES-2048 ups the game considerably. All the IBM mainframes in the world couldn't possibly crack it in several lifetimes (or centuries).
CryptoLocker represents the ultimate Windows hack.
From the early days of pranks to the worldwide calamities of 'ILOVEYOU' and subsequent vandal rampages to the targeting of especially vulnerable SMBs, we may have come full circle, where automation can again play a big part and it's not in the quality but in the quantity. $300 multiplied by all the Windows eejits out there is a lot of cash.
Perhaps the 'white hats' should get in on this one whilst the going's still good, for there sure are a lot of idiots out there still using Windows.
This is important to understand: Brian Krebs, gentleman that he is, will give you all the info he can on thwarting a CryptoLocker attack, but neither he nor all the king's horses and all the king's men can help you if you get hit.
You've had your chance. For over ten years at least. Security experts worldwide (not in the least at this site) together with actual governments have been trumpeting out the absolute necessity of fleeing Windows. But you didn't listen.