A new form of ransomware called CryptoJoker was discovered in January 2016. It uses the AES-256 algorithm to encrypt victims’ files and then demands a ransom for their release. CryptoJoker affects computers running Microsoft Windows operating systems.
Although CryptoJoker is not widely distributed at this time, security experts have started warning people about it. Besides using a strong encryption method, it targets 30 different types of files and deletes any shadow copies of them. As a result, victims have only two options to get their files back: recover them from a backup or give in to the attackers’ demands. Even if the victims do pay the ransom, there is no guarantee the attackers will provide the decryption key and decoder needed to decrypt the files.
Since backing up files is a lot cheaper and less hassle than paying a ransom, now is the time to back up your files. There are also other measures you can take to avoid becoming a victim of CryptoJoker. To understand why those measures are important, you need to know how this ransomware works.
How CryptoJoker Works
The CryptoJoker attack usually starts with a phishing email that tries to get the recipients to open a CryptoJoker installer disguised as a PDF file. If the email recipients open that file, the installer downloads or generates the executables needed to carry out the attack.
CryptoJoker then scans the computer drives, looking for 30 different types of files, including PDF files, text files, Microsoft Word and Excel files, and image files (e.g., JPG, PNG). After encrypting those files, it appends “.crjoker” to their file extensions. For example, a file named “BusinessForecasts.docx” would become “BusinessForecasts.docx.crjoker”.
The ransomware also performs other malicious acts, all intended to make victims pay up. For instance, it deletes any shadow copies made by Windows’ Volume Shadow Copy Service so that the victims’ files cannot be recovered. Plus, CryptoJoker terminates several processes so that victims cannot run Windows Task Manager or the registry editor. Finally, it displays a popup box with the ransom note.
How to Avoid Becoming a Victim of a CryptoJoker Attack
To help prevent a CryptoJoker attack, you can take several measures:
- Do not open any email attachments that you are not expecting. If the email is from someone you know, check with that person first before opening the attachment.
- Do not click any links embedded in emails sent from unknown sources. Even if you know the person who sent the email, check the link before clicking it. Hover your cursor over the link to see the address of the website that you will be taken to. If the website address seems suspicious, perform an online search to see if it is associated with any cybercrimes.
- Use anti-malware software.
- Back up your files regularly. Although this will not prevent a CryptoJoker attack, it can mitigate the effects of one.
What should you do if you become a victim of CryptoJoker? Assuming that you have backups, you will need to first remove the ransomware from your computer and then restore your files from a backup made before the attack. These are complex processes, so you should enlist the help of your IT service provider.
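As an added example that is not part of the original article, the following Python script inventories files carrying the ".crjoker" suffix described above and checks which of them have a counterpart in a backup taken before the attack, so a responder can see what is restorable before cleaning the machine. The directory layout and file names it builds are constructed for illustration.

```python
# Added example (not from the article): after a CryptoJoker infection, list the
# files renamed with the ".crjoker" suffix, recover their original names, and
# check which exist in a pre-attack backup. The sample tree is constructed.
import os
import tempfile
from collections import Counter

CRJOKER_SUFFIX = ".crjoker"  # extension the article says CryptoJoker appends


def find_encrypted(root):
    """Return relative paths of encrypted files with the suffix stripped."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(CRJOKER_SUFFIX):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                # normalise separators so results are stable across platforms
                hits.append(rel.replace(os.sep, "/")[: -len(CRJOKER_SUFFIX)])
    return sorted(hits)


def restore_plan(root, backup_root):
    """Split encrypted files into those present in the backup and those missing."""
    encrypted = find_encrypted(root)
    restorable = [p for p in encrypted if os.path.isfile(os.path.join(backup_root, p))]
    missing = [p for p in encrypted if p not in set(restorable)]
    by_ext = Counter(os.path.splitext(p)[1].lower() for p in encrypted)
    return {"restorable": restorable, "missing": missing, "by_extension": dict(by_ext)}


def build_sample():
    """Constructed sample: an affected tree and a partial backup (hypothetical data)."""
    base = tempfile.mkdtemp()
    root, backup = os.path.join(base, "victim"), os.path.join(base, "backup")
    for rel in ["docs/BusinessForecasts.docx.crjoker", "docs/notes.txt.crjoker",
                "pics/cat.jpg.crjoker", "pics/readme.txt"]:  # last one untouched
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    for rel in ["docs/BusinessForecasts.docx", "pics/cat.jpg"]:  # notes.txt never backed up
        path = os.path.join(backup, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    return root, backup


if __name__ == "__main__":
    victim, backup = build_sample()
    print(restore_plan(victim, backup))
```

The "missing" list is the set of files for which only the backup gap, not the ransomware removal, decides the outcome, which is why the article's advice to back up regularly matters.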