Friday, 18 April 2014

Irish businesses hit hard by data locking ransomware Filecoder/Cryptolocker

ESET Ireland reports the last few weeks have seen an increased number of victims of data locking ransomware among Irish businesses.



Malware experts from the antivirus firm ESET Ireland have been receiving calls for help from all over the country from businesses hit by one of the most malicious forms of malware – data locking ransomware known as Cryptolocker, detected by ESET as Win32/Filecoder. We have received reports from Westmeath, Wexford, Waterford, Galway, Donegal, etc, mainly from SMBs with an average of 15 computers each.


Filecoder malware infects the computer then encrypts (locks) all Word, Excel, PDF and other files, so the owner can’t open them until he has purchased a decryptor from the attackers, which unlocks them. The cybercriminals usually request the ransom to be paid in Bitcoin and the average amount required is between US$300 and US$500. A 2013 UK survey showed 41% of those attacked decided to pay the ransom and Bitcoin traffic associated with accounts related to ransomware showed cybercriminals made in excess of US$20 million per month.



What most of the affected companies had in common was that they had poor security and partial or no antivirus software in place. Several suspect their infection came from an email attachment. In most cases one machine became infected first then encrypted all network shares. Many of these companies also didn’t have their data backed up, so some decided to pay the ransom to retrieve their files.