Judges and officials of the Chilean Judiciary woke up to news that caused chaos: they were under a computer attack. The cause was a virus that had affected some of the system’s computers.
The deputy director of the Administrative Corporation of the Judicial Power (CAPJ), Zvonimir Koporcic, was the one who announced that the entity’s computers had been hit by CryptoLocker-type malware. So far, around 100 computers are reported to be affected. What type of virus is this, and what are the risks?
This is CryptoLocker ransomware
CryptoLocker is a ransomware virus that restricts access to infected computers by encrypting their contents. Once infected, victims are told to pay a “ransom” to decrypt and recover their files.
The primary method of infection is phishing emails with malicious attachments. These emails are designed to look very similar to those from legitimate companies, such as banks, and they also use fake package-tracking notifications that imitate local mail carriers or services such as FedEx or UPS.
What is ransomware?
Before going further, the term itself needs defining. Ransomware is a type of malicious software (malware) that blocks access to a computer system or its data, usually through encryption, until the victim pays the attacker a fee.
In many cases, the ransom demand comes with a deadline. If the victim does not pay on time, the data is permanently deleted or the ransom is increased.
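The defining behaviour described above, bulk encryption of a victim's files, is also the behaviour defenders look for. The following is an added example, not code from the article or from any product it mentions: a simple host-side heuristic that flags a process rewriting many distinct files with near-random (high-entropy) content, run over a constructed set of file-write events. Process names, paths and thresholds are assumptions chosen for illustration.

```python
import math
from collections import defaultdict

# Constructed sample of file-write events as a host agent might record them:
# (process name, file path, bytes written). Not real telemetry.
PLAIN_TEXT = b"Minutes of the hearing, case file 1234, page " * 90
RANDOM_LIKE = bytes(range(256)) * 16  # every byte value equally often: entropy 8.0
SAMPLE_EVENTS = [
    ("winword.exe", r"C:\Users\judge\Documents\ruling.docx", PLAIN_TEXT),
    ("winword.exe", r"C:\Users\judge\Documents\notes.docx", PLAIN_TEXT),
] + [
    ("suspicious.exe", rf"C:\Users\judge\Documents\case{i}.docx", RANDOM_LIKE)
    for i in range(6)
]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0). Encrypted or compressed data sits
    close to 8.0; office documents and plain text sit well below it."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def flag_ransomware_like(events, entropy_threshold=7.5, min_files=5):
    """Return the set of process names whose writes look like bulk encryption:
    at least `min_files` distinct files overwritten with high-entropy content.
    Thresholds are illustrative assumptions, not values from the article."""
    high_entropy_files = defaultdict(set)
    for proc, path, data in events:
        if shannon_entropy(data) >= entropy_threshold:
            high_entropy_files[proc].add(path)
    return {proc for proc, paths in high_entropy_files.items()
            if len(paths) >= min_files}


if __name__ == "__main__":
    print("flagged processes:", flag_ransomware_like(SAMPLE_EVENTS))
```

A real agent would add the other signals the article implies, such as a deadline-bearing ransom note dropped beside the files, and would act on a burst within a short time window rather than on a static list.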
The history of CryptoLocker
CryptoLocker ransomware is a type of malware that encrypts files on Windows computers and then demands a ransom payment in exchange for the decryption key. It appeared in September 2013 and launched a sustained attack that lasted until May of the following year.
CryptoLocker tricked its targets into downloading malicious email attachments. Once opened, these attached Trojans executed the malware that was hidden inside.
According to Avast’s official page, CryptoLocker is not exactly a virus, since it was not able to make copies of itself. So how did CryptoLocker spread? To reach more victims, the cybercriminals behind this malware made use of the now famous botnet called Gameover ZeuS.
Gameover ZeuS was a network of malware-infected computers that its operators could control remotely, without the knowledge or consent of their owners. In other words, everything was in place for a massive CryptoLocker ransomware infection.
That first major attack was stopped in 2014: the current ones are “clones”
In mid-2014, an international effort known as Operation Tovar finally managed to take down Gameover ZeuS. Following this win, CryptoLocker decryption keys were released online for free. Although the exact amount is difficult to determine, by then the people behind CryptoLocker had already extracted millions of dollars in bitcoin from their victims.
This considerable success inspired many other cybercriminals to develop “clones” and derivative strains, some of which have not yet been cracked. And possibly one of these is the one that attacked the Chilean judicial system. Some of these threats are modeled after the original CryptoLocker, while others simply take elements of its name.