New Ransomware Lets One File Go Free, Then Wants Cash

The latest strain of encrypting ransomware locks people out of their own computer files — but also lets victims choose one of their "hostage" files to be unlocked for free. Like a drug dealer or bank robber, the new malware, called CoinVault, gives the paying party a "taste" of the liberated goods, then demands full payment for the rest. The ransom increases the longer the victim goes without paying.

Once it infects a Windows PC, CoinVault displays a message telling victims that "Your personal documents and files on this computer have just been encrypted." It demands payment in the online cryptocurrency Bitcoin and gives instructions on how victims can send the money.


Included in the message is a "One free decrypt" button, which does actually work, according to researcher Tyler Moffitt of Broomfield, Colorado-based antivirus company Webroot.

CoinVault is easy to remove from computers, but once it accomplishes the encryption, the damage is done. There's little point in trying to crack the encryption, as doing so would take years.

"You can easily delete this software, but know that without it, you will never be able to get your original files back," the CoinVault message threatens.

In most other respects, CoinVault is similar to other recent pieces of ransomware, such as CryptoLocker and CryptoWall, which use strong encryption to lock up files on infected computers. Many researchers recommend against paying the ransoms, as there's no legal recourse if the files are not restored, yet most samples of ransomware do appear to be true to their word.

In CoinVault's case, Moffitt observed in his Webroot blog post: "I suspect that this [one free decrypt] freebie will increase the number of people who will pay."

To hedge against ransomware, frequently back up your files and folders, either to an external hard drive or to the cloud. Keep several versions to reduce the chance of the backup also being encrypted. If you ever get infected with ransomware, you can simply delete the malware and restore your old files.

You should also make sure all your software is up-to-date and patched, as ransomware almost always exploits known software vulnerabilities. Be sure to install and run a robust antivirus solution, which will catch most or all forms of criminal-controlled malware.

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games.

Copyright 2014 Toms Guides, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.