
Damballa's Adrian Culley: "CryptoLocker is here today"

It's the nightmare scenario: You switch on your computer to find yourself met with the words "your personal files are encrypted!"

The message tells you that to obtain the private key to decrypt the computer, you will need to pay two bitcoins (approximately £536) to the cybercriminals. If you don't do this within 72 hours, they say, the key will be destroyed.

A digital clock is counting down.

You've been infected by CryptoLocker, the latest form of "ransomware," and a Trojan horse that's had the UK's National Crime Agency (NCA) issuing an urgent nationwide alert to small businesses. The agency expects over 10 million British Internet users to be targeted by the scam, which can render whole hard drives unreadable.

We spoke to Adrian Culley, technical consultant at advanced threat protection and containment firm Damballa Security, about the emerging threat of CryptoLocker and what small businesses can do to protect themselves.


"It's quite unusual that the National Crime Agency (NCA) has issued a national statement about it," Adrian told us, a move that he called "completely unprecedented."

He warned that the emails used to spread the Trojan would be highly targeted, and resemble trusted communications.

"These attack emails won't look like a strange email from a sexy Russian lady or someone trying to sell digital watches. It will look like an email you're expecting," he told us. "The reason we call it phishing is because the attackers use bait. It's meant to look tempting, and meant to look like the real thing. If you're not careful, by the time you notice the hook, it'll be too late."

How to protect yourself

Luckily, Adrian was able to offer us some clear-headed advice.

"Make sure that your operating system is patched up and up to date," he said. "Microsoft releases its patches on the second Tuesday of every month, so make sure that you've got the latest one. Ideally, set your systems to do that automatically. Make sure your antivirus is up to date. Check it's working, too – and if it isn't, do something about it."

The most important thing is to resist the social engineering attacks of the malware originators.

"Do not download files, do not unzip a file package, and do not click on strange URLs. Even if the email looks like one you should be getting, don't reply to it – send another email straight to the person it's meant to be from, checking if they've emailed you today. The chances are, they won't have."

Regular backups

"You might be able to get rid of the virus that is CryptoLocker," Culley told us, "but the only way to get your data back is to have a backup. Microsoft will do that for you for free, but you can get a terabyte removable hard drive now for £50. If you're a small business, invest £100 in two backup hard drives – one that stays on site, and one that stays at home."

Culley recommends regularly swapping these hard drives in order to ensure that they are up to date, and secure.

"At worst, you'll only lose a couple of days' data. That's as proof as you can be against CryptoLocker."

For larger businesses, it's even harder to secure computer systems from infection.

"Explain to all of your staff not to open suspicious emails," Culley advised. "If people look after the basics, patch their operating system, and back up their data, they're going to be reasonably safe."

The problem is largely a lack of awareness, according to Culley.

"This is really aimed at small to medium businesses that don't think they have the budget for cyber security, and don't even realise that they could be a possible target."

Don't cough up

Above all, Culley told us, don't pay the ransom.

"The way these people tend to work is that if you're silly enough to pay them anything, they'll ask for double. Paying the ransom won't get your data back; the way to get it back is to have a secure backup copy."

"Some people sadly aren't going to be briefed on this, they are going to try to pay the ransom, and almost certainly they'll find that it doesn't help them."

And the worst thing? This isn't a one-off strike.

"The lid is off Pandora's box," Culley told us. "There are going to be many copycat attacks after this. Organised crime is always interested in making as much money as possible."

Culley told us that we have no idea how many people are actually coughing up, due to the anonymous nature of bitcoin.

"The problem is, you're only going to find out about this after people have been badly hurt. One of the phenomena with conventional fraud that applies here, is that by the time a victim contacts the police, more often than not the fraudsters have already had two or three sets of money out of them."

"CryptoLocker is here today"

The most important thing to realise, Culley told us, is that this is not a threat looming sometime in the future.

"CryptoLocker is here today," he said.

"It's good to see the NCA being on the front foot, but we still need to make sure we're getting accessible, practical and understandable advice to certain small businesses, and actually every business."

Anyone whose computer has been infected with CryptoLocker should report it to (opens in new tab).


Paul has worked as an archivist, editor and journalist, and has a PhD in the cultural and literary significance of ruins. His writing has appeared in the New York Times, The BBC, The Atlantic, National Geographic, and Discover Magazine, and he was previously Staff Writer and Journalist at ITProPortal.