CryptoLocker Is The Nastiest Malware Ever & Here’s What You Can Do

Ads by Google

Ransomware is an especially odious type of malware. The way it works is simple. Your computer will be infected with some malicious software. That software then renders your computer entirely unusable, sometimes purporting to be from local law enforcement and accusing you of committing a computer crime or viewing explicit pictures of children. It then demands monetary payment, either in the form of a ransom or a ‘fine’ before access to your computer is returned.

Horrible, isn’t it? Well, get ready to meet CryptoLocker; the evil patriarch of the Ransomware family.

What Is CryptoLocker

CryptoLocker is a piece of malware targeting computers running the Microsoft Windows operating system. It is typically spread as an email attachment, often purporting to be from a legitimate source (including Intuit and Companies House). Some say it is also being spread through the ZeuS botnet.

Once installed on your computer, it systematically encrypts all documents that are stored on your local computer, as well as ones that are stored on mapped network drives and mounted removable storage.

cryptolocker-example

The encryption used is strong, 2048 bit RSA, with the decryption key for your files being stored on a remote server. The odds of you being able to break this encryption is almost nonexistent. If you want to get your files back, CryptoLocker asks for you to fork over some cash; either two bitcoins (At the time of writing, worth almost USD $380) or $300 in either MonkeyPak or Ukash prepaid cards. If you don’t pay within three days, the decryption key is deleted and you lose access to your files forever.

Ads by Google

I spoke to popular security expert and blogger Javvad Malik; this is what he had to say about CryptoLocker.

Ransomware such as CryptoLocker is not something very new – variations of Ransomware have been around for years. When you look at CryptoLocker, it predominantly comes in via phishing emails (from what I’ve seen). The best way to protect against it is for users to be vigilant against clicking on links within emails. Currently, it looks like there’s not much that can be done once infected and I wouldn’t advice anyone to pay the ransom. It goes back to having backups and data management in place.

Mitigating Against It

Reports suggest that some security programs have had a hard time of preventing CryptoLocker from getting its claws onto your system before it’s too late. Fortunately, American security expert Nick Shaw has created a handy piece of software called CryptoPrevent (free) . This applies a number of settings to your installation of Windows that prevents CryptoLocker from ever executing and has been proven to work in Windows XP and Windows 7 environments.

It’s also worth making sure that you check emails to see if they’re suspect before you open up any email attachments. Do they have an email address that matches up with the purported sender? Were you expecting any correspondence from them? Is the spelling and grammar consistent with what you’d expect from the genuine sender? These are all reasons to be suspicious of an email and to think twice about poking in any attachments.

Having Proper Backup

In these circumstances, I’d encourage everyone to make regular backups that are isolated from your computer. Using a networked backup solution will be utterly ineffective, as CryptoLocker has been known to encrypt data stored on these volumes.

cryptolocker-backup

If you use a cloud backup service like Carbonite, you can take comfort in knowing the odds are good that your files are versioned. That means if you back up an encrypted copy of a file you care about, you can revert to an earlier version. An employee of Carbonite posted this advice on Reddit.

I work for Carbonite on the operations team, and I can confirm this for most cases – I will also offer these two pieces of advice:

1) If you are affected by the virus, you should disable or uninstall Carbonite as soon as possible. If you stop backing up the files, it’s more likely that Carbonite will not have overwritten a “last known good” backup set. There is a high risk of some recent data loss (you’re effectively going back in time, so if we have no record of the file existing at a previous time, you won’t get it back) with this method, but it’s far, far better than losing all of your files.

2) When you call customer support, which you should do as soon as possible, specifically mention that you are infected with cryptolocker. It was mentioned in the post above, but I just wanted to put emphasis on it because it’ll get you through the queue faster.

Edit: also, just to state the obvious, make doubly sure the infection is off your machine before you call support, please.

Should You Pay The Ransom?

What if your computer gets compromised? It goes without saying that brute forcing a file encrypted with 2048 bit encryption is almost impossible. Noted computer security firm Sophos has looked at a number of files that have been encrypted by this particular malware and has failed to notice any obvious means in which they can be decrypted without forking over a ransom.

With that in mind, the only way to get your data back is by paying the ransom. However, this poses a major ethical dilemma. By paying the ransom, you make this type of chicanery profitable and therefore perpetuate it. However, if you don’t pay the ransom, you forever lose access to everything you’ve been working on which is stored on your computer.

What further complicates things is that it is impossible to ascertain who would be the recipient of any money paid. It may something so simple as a single person working from his bedroom looking to get rich at the expense at others, or it might be something much more sinister.

Conclusion

I’ll leave the floor to you, the reader. Would you pay the ransom? Have you been infected with CryptoLocker? Leave your thoughts in the comments box below.

Image Credits: jm3 acampos

Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Windows Hacks & Customization
Windows Hacks & Customization
97 Members
Windows_10
Windows_10
87 Members
Best Windows Software
Best Windows Software
59 Members
Windows Troubleshooting
Windows Troubleshooting
59 Members
Windows Firewalls & Antivirus
Windows Firewalls & Antivirus
19 Members
Ads by Google
Comments (212)
  • Rob

    So did they manage to find a solution in the end? :/

  • Rich

    Oh yeah and this easy 123 plan should be free of charge, just to help out the community Right?

  • Rich

    Ok Everyone and Matthew, lets get back to the basics. There is a great deal of information in these comments which when all added up together can become very confusing.

    So now I understand if use SkyDrive linked to you hard drive you can be effected, so this is really not an answer. Protecting you files is of the most importance in any situation so we need to know the best way to do that.

    Stopping the virus from getting in, in the first place would be best however that would be a perfect world. Forget it.

    Also if new viruses and Trojans are developed in the future Well Then He’s Jonny I’m Home, Right?

    Many non technical average users find making all these back disk a real challenge and then to keep them updated WOW more trouble.

    In my personal opinion a removable flash drive out weighs all of it. True or False?

    I hear a lot of controversy on clouds, This Cloud, That Cloud, This Cloud, Which dammm Cloud.

    What about Norton off site Back up. Is that not safe either? Or is it? Should I Just keep my Norton running as usual and run Norton backup to retrieve my files as I have before.

    Is it possible to take all the information in everyone’s comments and put it into an easy to read and to follow format. Like step 1,2,3 The Best of the Best iron clad and user friendly process.

    Please all you guru’s out there should be able to come up with the most effect and easy to plan, considering the age of todays technology. No Pun intended, LMAO

    HEEEEEEEEEEEEEELP

  • Scott T

    I got this nasty piece of virus last week and I was freaked out because I had been working on a proposal that was not backed up any where. I had a rollback rx installed and i was really praying and hoping it would save me because after reading online about it I was really doubting anything would get my out of this mess. So i rolled back my pc to a earlier snapshot and closed my eyes and prayed some more LOL!! it actually worked. I was able to rollback to a earlier snapshot 2 hours earlier and I was virus free and my proposal I was working on was still there! So maybe some of you may want to check out rollback rx

  • Jim

    Any ‘mapped’ UNC paths are susceptible to encryption so beware of that.

Load 10 more
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.