Security vendor Symantec, in its latestInternet Security Threat Report, said it saw a 500 percent increase in the number of attempts across its customer base in 2013 to install encrypting malware. Such malware includes CryptoLocker, CryptorBit and HowDecrypt.





Director of Symantec’s security response team, Kevin Haley, said: “It’s the perfect kind of criminal scam. You get people scared and not thinking, and you can make a lot of money out of it.”

Typically what happens with encryption malware is that the plain-text private key to unlock the data is sent back to the cybercriminals server. CryptoDefense used Microsoft’s Data Protection API (application programming interface), a tool in the Windows operating system to encrypt a user’s data. However, the criminals didn't know that the Data Protection API stored a copy of the encryption keys on a victim’s computer.

On March 31, Symantec published a blog post detailing the error. Two days later, they removed the info. The company had second thoughts about dribbling that bit of information since most users unfamiliar with RSA encryption wouldn’t know what to do with it.

And then the cybercriminals fixed it.