CryptoLocker ransom-ware becoming more prolific every day

Thursday, 7. November 2013

We have received reports that the CryptoLocker ransom-ware is becoming more prolific every day.

CryptoLocker ransom-ware is a malware program that when ran, will search all connected drives on your Windows PC, and then using strong public/private key encryption, proceeds to encrypt all of your data files it can find.

What it does:

Once it is done encrypting all the data files it can find, it will delete the private portion of the encryption key, and present the user with a popup. This popup informs the user that they have been infected and must pay $300 dollars via Bitcoin to receive the key to regain access to the data.

How it spreads:

Currently, it is spreading via email as attachments. These attachments can be a .zip file with a hidden payload file, an exe file, and if you are using an email client that hides the extension of attachments like Outlook, you could be fooled into thinking that the file is actually a picture or even a pdf.

How to remove it:

Removing the actual program itself is fairly simple, however removing it does not get back access to the files. To do that, you would need to restore them from backup, or pay the ransom. There is no honor among criminals, so you may just be throwing your money away. Reports of actually getting your data back are mixed at best.

How to avoid it:

  • Run regular backups of your data.
    • You should be backing up every day.
    •  You should have historical copies of your data as well as the most current.
    • You should have both local and off site backup.
  •  Make sure your backup drive is not mounted while you are using your computer.
    • If you are using a USB drive, make sure you disconnect it after you backup. Remember, CryptoLocker searches for files on all the drives it can see from your computer. If your USB drive is plugged in, it will encrypt the files on your USB as well.
    • The disconnecting goes for a network attached storage system as well. If it looks like a drive on your PC, CryptoLocker can access it.
  • Don’t open attachments.
    • The malware will try to fool you any way it can. Even if you are sure of the source of an attachment, be suspicious of it.
    • Turn off settings on your system that hide / remove file extensions from your view. This will help you be sure you know what kind of file you are opening.
  • Update you AV software.
    • You should be doing this regardless…
    • BE WARNED! AV SOFTWARE IS NOT ALWAYS CATCHING THIS BUG!

If you are infected, turn you system off immediately and contact a professional for help.

– Stu

Share

Leave a Reply

You must be logged in to post a comment.