TORONTO – RCMP have shut down two computer servers in Montreal as part of a worldwide crackdown on cyber-criminals responsible for extorting millions of dollars from users.
Over 5,000 Canadians have fallen victim to the ransomware known as Cryptolocker.
Authorities say the hackers implanted viruses on computers around the world, allowing them to seize customer bank information and steal more than $100 million from businesses and consumers.
What is Cryptolocker?
Cryptolocker is a form of malware that allows hackers to encrypt a user’s personal files without their knowledge and then demand a ransom for those files to be unlocked.
Once the files have been encrypted, a message will appear on the user’s screen demanding the user pay the attacker using bitcoin within a certain time period – most of the Cryptolocker attacks demanded about $300 from the user within 96 hours.
The message alleges that the single copy of the key that will allow the user to decrypt their files will self destruct after 96 hours. If the user provides the funds within the time limit, the key is handed over.
The malware, which first surfaced in 2013, affects systems running Microsoft Windows.
Cryptolocker is estimated to have infected over 234,000 computers around the world.
How is it spread?
According to the U.S. Computer Emergency Readiness Team (US-CERT), Cryptolocker was spread though fake emails poised to look like messages from legitimate businesses and FedEx and UPS tracking notices.
The malware is installed after the user opens the email and downloads a zip file hidden inside.
Who was affected?
According to U.S. court documents, some of the larger scale victims included the Swansea, Massachusetts police department – which paid a $750 ransom after Cryptolocker encrypted its main file server.
The RCMP estimate that more than 5,000 Canadians were affected by the malware, with potential losses close to CAD$1.5 million.
Now that authorities have shut down servers, am I safe?
Yes and no. According to the UK’s National Crime Agency, action taken by law enforcement agencies around the world – including the RCMP – has weakened the network of infected computers.
The agency said in a statement that the public has a “unique, two-week opportunity to rid and safeguard” themselves from Cryptolocker.
“By disrupting the system used by the infected computers to communicate with each other, and the criminals controlling them, this activity aims to significantly reduce the malware’s effectiveness,” read the statement.
However, users should still practice caution when opening email attachments that may be suspicious.
How can I protect myself?
The best way to protect yourself from any sort of ransomware is to maintain up-to-date anti-virus or anti-malware software and ensure you are backing up your computer regularly to prevent losing any of your important files.
As mentioned, users should be wary of any unsolicited emails or emails from addresses they may not know.
A good way to know if the link provided in an email is legitimate is to check the URL by hovering your mouse over the link – if the email appears to be from a business, say UPS, and the URL is not the company’s official web address, then it’s likely a fraudulent email.