CryptoLocker has to be one of the nastiest, most twisted pieces of malware to hit the Internet in a long time. Here’s how it works: Once your computer gets infected, the virus encrypts all your data–documents, pictures, videos, backups (it’s not picky)–using a unique RSA-2048 key that is stored not on your computer but on CryptoLocker’s servers. CryptoLocker then points a gun at your head–if you want the key to unlock your stuff, you’ll have to give us $300. If you fail to cough up within 72 hours, the key to unlock your data is deleted. Forever.
Now, the diabolical crooks behind CryptoLocker have launched a website for people who need help paying their ransom. Those victims who did pay the ransom but didn’t get the decryption or got one that didn’t work for some reason can download it again. They can also check the status of their orders. How convenient.
If you missed the 72-hour deadline, you can still get your data back. But the price jumps from two bitcoins to 10–nearly $4,000 currently.
“They realized they’ve been leaving money on the table,” Lawrence Abrams, who has been tracking CryptoLocker on his site BleepingComputer.com told the KrebsOnSecurity blog. “They decided there’s little sense in not accepting the ransom money a week later if the victim is still willing to pay to get their files back.”