CryptoLocker Malware

Ransomware is a particularly deplorable type of malware.  The way it works is relatively simple:

Your computer is infected by some malicious software.
The malicious software renders your computer partially or entirely useless.
The malicious software demands a payment in order for access to your computer to be returned.

Some past ransomware claimed to come from local or federal law enforcement, accused you of various crimes, and let you pay a “fine” to regain access to your computer.  This type of ransomware was irritating, but could be removed with no permanent damage or file loss.

Then along comes CryptoLocker.


CryptoLocker is a piece of ransomware/malware that targets computers running the Microsoft Windows operating system.  It is typically spread as an email attachment, often from a legitimate source.  The attachment is typically a Zip file that is disguised as a PDF file.

Once CryptoLocker is installed on your computer, it encrypts all documents stored on your local computer, on mapped network drives, and on removable media (camera cards, thumb drives, etc.).

The encryption key for your files is stored on a remote server, supposedly to be released to you upon payment of $300-380 within three days.  If the payment is not made within three days, the decryption key is deleted and you lose access to your files forever.

It is worth noting here that the encryption being used by CryptoLocker is strong.  The odds of the encryption being broken by you, a computer technician, or that really smart kid that lives down the street are nearly nonexistent.  What this means is that you will no longer have access to your files.

What Can We Do?

It’s always a good idea to check whether an email looks suspect before opening any attachments.  Does the email address match the sender name?  Were you expecting correspondence with the sender?  Are the spelling and grammar consistent with what you would expect from the sender?  If the answer to any of these is no, be suspicious of the email and think twice about opening any attachment that comes with it.
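
The disguise described earlier (a Zip archive presented as a PDF) can also be checked mechanically before anyone opens the attachment.  The Python below is an added example, not part of the original post or of any product it mentions; it goes slightly beyond the text by also looking inside the archive, and the extension lists, function names and sample file names are assumptions made for illustration.

```python
import io
import zipfile

# Extensions Windows runs on double-click (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")


def triage_attachment(filename, data):
    """Return the reasons an attachment looks disguised (empty list = none found)."""
    findings = []
    is_zip = data.startswith(b"PK\x03\x04")  # Zip local-file-header signature
    # A file named *.pdf should begin with the PDF header, not a Zip header.
    if filename.lower().endswith(".pdf") and not data.startswith(b"%PDF-"):
        kind = "a Zip archive" if is_zip else "not a PDF"
        findings.append(f"name says PDF but content is {kind}")
    if not is_zip:
        return findings
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    except zipfile.BadZipFile:
        return findings + ["Zip header present but archive is unreadable"]
    for member in members:
        base = member.lower().rsplit("/", 1)[-1]
        stem, dot, ext = base.rpartition(".")
        if dot and "." + ext in EXECUTABLE_EXTS:
            findings.append(f"archive contains executable: {member}")
            # "x.pdf.exe" is displayed as "x.pdf" when Windows hides known extensions.
            if stem.endswith(DOCUMENT_EXTS):
                findings.append(f"double extension hides file type: {member}")
    return findings


def make_zip(members):
    """Build an in-memory Zip from {name: bytes}; used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: harmless placeholder bytes, not real malware.
    disguised = make_zip({"Invoice_2013.pdf.exe": b"placeholder"})
    print(triage_attachment("Invoice_2013.pdf", disguised))
    print(triage_attachment("report.pdf", b"%PDF-1.4\n%constructed\n"))
```

An empty list means none of these checks fired, not that the attachment is safe.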

Make certain you are backing up your data regularly.  If you back up to an external drive, make sure you are disconnecting it from your computer when it is not in use.

Even though reports suggest that some security and antivirus programs have had a hard time preventing CryptoLocker from installing on your system, it is still a good idea to make sure that you have security and/or antivirus programs installed and up to date.

Security expert Nick Shaw has created a piece of software called CryptoPrevent (free) to help prevent CryptoLocker infections.  It works by changing some of your default system settings to prevent CryptoLocker from ever being able to install itself.  The downside is that it may make it more difficult to do legitimate installations, but it looks easy to undo the changes as well.
