The Attorney General provides Consumer Alerts to inform the public of unfair, misleading, or deceptive business practices, and to provide information and guidance on other issues of concern. Consumer Alerts are not legal advice, legal authority, or a binding legal opinion from the Department of Attorney General.
If you lost all the files and pictures on your computer, how much would you pay to get them back? Some criminals think people will pay several hundred dollars. It turns out that these criminals may be right, and are using this knowledge to cash in on consumers. According to some estimates, criminals using a new type of computer malware called “CryptoLocker” have made over $20 million in just a few months. "CryptoDefense" - a copycat competitor to CryptoLocker - charges up to $500 to decrypt the files they invade and lock. If their four-day deadline passes, the amount goes up to $1,000. After a month, the keys are destroyed. If your computer is connected to the internet, there are a number of steps you should take to avoid or minimize the damage of falling victim to CryptoLocker, CryptoDefense, CryptoWall or other types of Ransomware.
As the name suggests, Ransomware is a type of malware that holds a computer’s files hostage until a “ransom” is paid. Once installed on a computer, it begins “encrypting” or locking files including documents, pictures, videos, MS Office files and PDFs. Ransomware can also affect files stored on shared network drives, USB drives, external hard drives, and even cloud storage drives in some cases. The malware then displays a message demanding payment within a set period of time, or the “key” to decrypt the files will be destroyed and the files will be lost forever.
These Ransomware criminals demands payment of the ransom by Bitcoin or MoneyPak, two essentially untraceable payment methods. Once payment is confirmed, the program promises to decrypt the encrypted files. However, some victims have reported that their files were not decrypted even after paying the ransom.
CryptoLocker is most commonly spread through fraudulent emails with malicious links or attachments. Many victims have reported that the fraudulent emails appeared to be from FedEx or UPS and had tracking notices attached. CryptoDefense usually spreads by pretending to be flash updates or video players required to view an online video. It also can be an email with a zip file directing the recipient to 'open the document' that was supposed to have been 'scanned and sent to you.'"
Whether you are using your home computer or a network computer where you work, there are a number of actions you can take to protect yourself against Ransomware.
If you believe your computer is infected with Ransomware, some steps may minimize the damage.
If you become a victim of Ransomware, think long and hard before paying the ransom. First, the FBI directs those infected with Ransomware to not pay as this will likely lead to more scams. As more people pay the ransom, the incentives for criminals to keep spreading this malicious program increases. Second, there is no guarantee that once you pay, the criminals behind Ransomware will actually decrypt your files. Third, some firms have recovered a portion of the private decryption keys and are currently offering these keys to consumers for free. Nevertheless, if you routinely backup your files, the amount of files you lose should be minimal.
In addition, victims should contact the local police and report the matter. You should also file a complaint with the FBI’s Internet Crime Complaint Center and with the Department of Attorney General’s Consumer Protection Division.
The U.S. Computer Emergency Readiness Team issued alerts with additional information about CryptoLocker and Ransomware generally. For more information about fraudulent emails generally, please see the Attorney General’s consumer alert “Fraudulent E-mail Thieves Intend to Steal Your Personal Information.”
Consumers may contact the Attorney General's Consumer Protection Division at:Consumer Protection Division