CryptoLocker is a form of ransomware that targets computers by disguising itself as a legitimate attachment that, when opened, locks up all the files of an infected computer, including backup files. Only the hackers have the decryption key, demanding $300, or two Bitcoins, to release it.
Now, to add insult to injury, the gang behind the malware has created a customer service site for victims who need help in making the payment, according to a report from The Today Show. People can use CryptoLocker Decryption Service to check the status of their payment and complete the transaction, at an additional cost.
“They were leaving money on the table,” said Lawrence Abrams, who has tracked the spread of this malware on BleepingComputer.com. “They created this site to capture all of the money they were losing because people couldn’t figure out how to make the ransom payment or missed the deadline.”
There is a 72-hour deadline to pay for the decryption key, which jumps from two Bitcoins to 10, or nearly $4,000 on today’s market, if missed. A Bitcoin is a peer-to-peer digital currency which the U.S Department of Justice and the Securities and Exchange Commission consider a legitimate financial instrument.
According to Abrams, CryptoLocker uses Zip files to worm its way into computers and is password protected, which allows it to get past security software. He added that the password has been “PaSdlaoQ” for everyone so far.
The advice to protect users from the malware is not new: Don’t open attachments from unknown senders, have up-to-date security software, and back up files often.
“This is scary stuff,” said Brian Krebs on the KrebsOnSecurity blog. “People need to rethink how they protect their important files.”