Ransomware CryptoLocker

Ransomware is a type of malicious software designed to block access to your computer system or files until a sum of money is paid. This type of malware typically targets individuals.  We are starting to see more business computers targeted.

The current greatest ransomware threat continues to be Cryptolocker. Cryptolocker started appearing in late September 2013. Once the system is infected, the malware encrypts most or all the users data files, making the files inaccessible.  The ransom ranges from $300.00 to $3000.00 US dollars. There is currently no way to decrypt the files as the encryption key is randomly generated.

It is important to note CryptoLocker will encrypt any data files it finds on your system.  This includes files on your physical hard drive, attached USB drives and even cloud connected storage.  This means data on a mapped DropBox drive could also become encrypted.

I have an online backup. Is my data protected?

Having an online backup does NOT guarantee your data is protected.  While having an online backup can HELP to restore unencrypted files, it does not protect you from CryptoLocker.  In fact, once CryptoLocker has encrypted the file, it has changed.  This may cause your online backup to backup the now changed and encrypted file.

Should I pay the ransom?

Only you can make the decision to pay the ransom. Paying the ransom DOES NOT guarantee the files will be decrypted. Paying the ransom can lead to other problems, like credit card fraud and identify theft. We DO NOT recommend ever paying the ransom.  We recommend prevention and using best practices to avoid getting the infection.

Reports indicate some who have paid the ransom never get their files decrypted.  Others have reported their files were decrypted, but it took several hours to days for the process to reverse itself.

Where does CryptoLocker come from?

CryptoLocker can be installed from simply browsing to an infected website.  However, it is frequently delivered via spam email as a compressed archive (.zip) file or via an executable file (.exe). Emails may appear to come from a person or business you know.  Faked emails appearing to come from UPS or FedEx have also been reported as points of distribution for CryptoLocker.

Signs your system may be infected with CryptoLocker

1. The system has started running unbearably slow.  This is due to the processor resources needed to encrypt all of your files.

Some steps you can take to help protect yourself.

Remembering no anti-virus/anti-malware can provide 100% protection, here are some things you can do to help ensure you don’t get infected.

  1. Have a decent and up-to-date antivirus program running.
  2. Get the latest operating system updates
  3. Have your computer firewall running
  4. Limit user privileges
  5. Have an online backup of your files.
  6. Have a complete and current offline and unconnected backup of all your data files.

More information about CryptoLocker: