So a new malware attack has emerged this year called RamsonWare. It affects mainly Windows machines but OS X users should beware because even though it currently does not target OSX, your data may be at risk as a consequence of a PC becoming affected.
So what is RamsonWare? It is malware that infects your Windows PC. It then encrypts all your files with a unique encryption key using very very strong encryption, normally 2048 bits. The malware then demands money to decrypt your files. The encryption is so good that there are no tools they can decrypt them once infected.
CryptoLocker is currently the most destructive version out there. Once infected it demands $300/€300 to unencrypt your files. It even takes bit coin currency. It gives you 72 hours to pay up and buy back the private keys required to decrypt your files before they are destroyed, leaving your files unusable. CyrptoLocker will encrypt any file that is reachable from that PC. This includes local files, files on locally attached storage, even network drives.
Once infected you are have a moral dilema. If you have no backup do you pay up?
This malware has been a hard one for the anti-virus guys. They are slowly playing catchup.
The most common way of infection is either via email or botnets.
What can PC users do?
- Keep Windows patched and unto date.
- Make sure your anti-virus software is up to date.
- Do not open any attachments in emails that you were not expecting and especially from people you do not know
- Even if the email logos legitimate, like an email from you bank, don’t click any links within.
- Keeps regular backups and keep them offline from the PC. A backup program that keeps versions would be ideal as well.
So even though OS X is not targeted, any data you keep that is reachable via a PC could be in danger.