CryptoLocker allowing users to pay extra for overdue ransom

The people behind CryptoLocker aren’t so bad, after all. They have listened to their victims’ complaints and tweaked their model accordingly.

Now, people who do not pay the $300 ransom will not simply have their files inaccessible forever. They can just pay out $2,000, a modest sum for a late ransom payment, all things considered.

All sarcasm aside, there are some criminals who are poised to make a lot of money off of this scam.

CryptoLocker is a particularly vicious piece of malware. It goes out as an attachment in an email designed to look like communication from a bank. Targets mostly seem to be small businesses.

When a user opens the attachment, a trojan puts all the computer’s files on lockdown and demands a ransom payment in Bitcoin within 72 hours. So anyone who isn’t savvy enough to set up a Bitcoin wallet and make payment in three days — which is most of humanity — previously had the decryption key to their files destroyed, and all they could do was purge the hard drive.

Now, a CryptoLocker Decryption Service has gone up on a sketchy Ukrainian web host that lets victims upload encrypted files. A confirmation page then comes up asking for 10 BTC, which is about $2,000 at current exchange rates.

But in a show of goodwill and true humanity, the criminals will not charge users who have already paid their ransoms for the private key to a file.

The lesson, then, is to be careful and proactive. First, don’t open email attachments unless you 100% know the sender. Two, keep your PC and its antivirus/anti-malware protection up to date. Third, back up your files (and if you back up to a cloud drive, deactivate automatic syncing because something like CryptoLocker could overwrite those backed-up files).