Have you ever seen a pop-up suggesting that you update your version of Java? Have you been ignoring those warnings? Doing so could put your data at risk!
First discovered in September of 2013, CryptoLocker, a type of malware referred to as "ransomware", has been infecting systems and encrypting user files. The only way to recover those encrypted files is to restore them from backup, or to pay a $300 fee to the attackers. If you're lucky, after paying the fee the attackers will decrypt the files and "release" your machine back to you. This is a NASTY infection that results in downtime, revenue loss, and potential loss of sensitive data.
CryptoLocker typically propagates as an attachment to a seemingly innocuous e-mail message that appears to have been sent by a legitimate company, or it is uploaded to a computer already recruited to a botnet by a previous trojan infection. A ZIP file attached to the e-mail message contains an executable file whose filename and icon are disguised as a PDF file, taking advantage of Windows' default behaviour of hiding file extensions to conceal the real .EXE extension. Some instances may actually contain the Zeus trojan instead, which in turn installs CryptoLocker. When first run, the payload installs itself in the Documents and Settings folder with a random name, and adds a key to the registry that causes it to run on startup. It then attempts to contact one of several designated command and control servers; once connected, the server generates a 2048-bit RSA key pair and sends the public key back to the infected computer. The server may itself be a local proxy that relays through others, which are frequently relocated to different countries to make tracing difficult.
The exploit relies upon a bug in the Java VM (virtual machine) prior to Java 7 update 40. The risk of infection can be mitigated by installing the latest updates to the Java package.
It's critical to apply Java updates when they become available to ensure safe and happy computing!