CryptoLocker evolving
Posted by: Timothy Weaver on 03/09/2014 03:33 PM
According to Dell SecureWorks, in the last four months of 2013 alone, ransomware raked in some $5 million.
Strong encryption is what distinguishes CryptoLocker from past ransomware efforts. Even when the malware is removed, your files are still encrypted.
Jarvis, of SecureWorks, said: “In most cases they’re sending the decryption keys back to the computer once they receive payment successfully. We don’t know what the percentage of people who successfully do that is, but we know it’s part of their business model not to lie to people and not do it.”
“You have to reinfect yourself with the malware but once you do that, you can get a successful decryption,” Jarvis explained.
CryptoLocker is being re-engineered to a new form called PowerLocker. The author is intent on selling PowerLocker’s code to anyone with the deep pockets to buy it. This forebodes a possible epidemic in the near future.
However, Jarvis, of SecureWorks, said: “We got an early copy of PowerLocker, and it’s a very primitive piece of malware. If it shows up in the wild as it is, it would take a considerable amount of work to get it up to speed and even more work to get it up to the level of CryptoLocker.”