For anyone who hasn't heard about Cryptolocker, it's the latest, nasty twist on ransomware, which uses a blend of RSA and AES encryption to lock down files on infected machines. Victims find they can no longer access the files on their PCs, and are given three days to pay up and get their machines back, or face demands for larger payments.
The scammers behind the Cryptolocker scam have been asking for around $300 before they supply the victim with a decryption key that will release their files and, as well as Bitcoins, are now even accommodating alternative payment methods: vouchers from MoneyPak, UKash or CashU.
The UK's National Crime Agency (NCA) sees the threat as serious enough to have issued an alert on the subject, warning that the malware may be being sent out to tens of millions of people in the UK. The FBI has also issued warnings, as has Microsoft.
Until this week, the scam — running since at least September — had been asking for two Bitcoins as the ransom, which originally equated to around $300. By early November though, the price of one Bitcoin had risen to $300. As the UK's NCA notes in its alert, two Bitcoins on 15 November would have been worth £536 ($868). This week, the price of just one Bitcoin floated above $900, before falling to around $700 today.
But would victims really pay $1,400 to get their files back? Presumably to ensure Bitcoins remain a viable payment option, the ransomware scammers have now adjusted their rate for the digital currency.
A sample of the malware picked up on 20 November by Sean Sullivan, a security researcher at Finnish security firm F-Secure, shows that the ransomware scammers are now asking for 0.5 Bitcoins, roughly back to the $300 price level they had asked for originally.