CryptoLocker is the latest ransomware to infect computers across the world, holding your data hostage in the process. It is a particularly nasty piece of malware because, as soon as it installs itself on your computer, it begins encrypting the documents, spreadsheets, photos and other data files it finds. Those files are locked and useless until they are decrypted, which is a very serious issue for businesses and home users alike.
CryptoLocker first appeared in September 2013 and very rapidly began infecting computers across the United States and United Kingdom. It is spread mainly as an attachment to email, and there are also reports of it being downloaded and installed by malware that is already on the machine. The emails are reported to claim to be from various shipping companies, with "your invoice" attached. The attachment itself is reported to have a double extension in its name, such as "Virus.jpg.exe", whereas a regular file has only one. Be aware that Windows hides the extension of known file types by default, so that file is shown in Explorer and in many email clients as "Virus.jpg"; turning on "show file extensions" in Folder Options makes the trick visible. As a word of advice, unless you asked for a program to be emailed to you, any attachment ending in ".exe" is more than likely malicious and should be deleted. Zip files are another way this virus is reported to be sent to users, with the executable hidden inside the archive.

Paying close attention to what you click on while on the internet, avoiding downloading any unknown files or "updates", and keeping your antivirus software up to date will also help keep your files from being encrypted by this virus. There is also a program developed by other IT professionals to harden your computer against it. The great minds at Foolish IT have made a tiny program called CryptoPrevent (click the link for the installer) which uses Windows Software Restriction Policies to block programs from running out of the folders CryptoLocker installs itself into, such as %AppData% and %LocalAppData%. Be careful with this if you are unsure of how to use it: the same rules can block legitimate programs that also install into those folders. Most of the time the default settings should be fine, but if you already have the virus (or other malware) it will not help you. If your computer is currently infected with other malware, have it cleaned up by a professional so those infections don't bring this one in with them.
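The attachment checks described above (a bare executable, a document-looking name with a hidden executable extension, and an executable tucked inside a ZIP) can be applied automatically at a mail gateway or in a download folder. The following is an added example written for this page, not code from the original post or from Foolish IT; the extension lists, the thresholds and the sample "invoice" ZIP are all constructed here, and the ZIP member is a harmless stub, not malware.

```python
"""Screen email attachment names and ZIP contents for CryptoLocker-style
lures: bare executables, double extensions such as Invoice.pdf.exe, and
executables carried inside a ZIP.  Added example; lists are assumptions."""
import io
import os
import zipfile

# File types Windows will run when double-clicked.  This list is an
# assumption of the example and is not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-looking extensions typically used as the decoy half of a
# double extension (also an assumption of the example).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def split_extensions(name):
    """Lowercase suffix list of a filename: 'Invoice.PDF.exe' -> ['.pdf', '.exe']."""
    base = os.path.basename(name.replace("\\", "/"))
    parts = base.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def classify_name(name):
    """Return the reasons a filename looks risky (empty list = nothing suspicious
    about the name itself)."""
    exts = split_extensions(name)
    reasons = []
    if not exts:
        return reasons
    last = exts[-1]
    if last in EXECUTABLE_EXTS:
        reasons.append("executable attachment (%s)" % last)
        # Windows hides the final extension of known types by default, so
        # 'Invoice.pdf.exe' is displayed to the user as 'Invoice.pdf'.
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            reasons.append("double extension: displayed as '%s'" % name[: -len(last)])
    return reasons


def scan_attachment(name, data):
    """Scan one attachment (filename plus raw bytes).  ZIP archives are listed
    without extracting anything, and every member name is classified too.
    Returns a list of (path, reason) tuples; empty means clean by these rules."""
    findings = [(name, r) for r in classify_name(name)]
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                for r in classify_name(member):
                    findings.append((name + ":" + member, r))
    return findings


def should_quarantine(name, data):
    """Policy decision: hold anything with at least one finding."""
    return bool(scan_attachment(name, data))


def build_sample_zip():
    """Constructed sample standing in for a shipping-company 'invoice' ZIP.
    The member is a few dummy bytes, not a real program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013.pdf.exe", b"MZ not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    for path, reason in scan_attachment("invoice.zip", build_sample_zip()):
        print(path, "->", reason)
    print(scan_attachment("holiday.jpg", b"\xff\xd8 jpeg bytes"))  # []
```

Name-based checks are only a first line: a ZIP can be password-protected (the listing still works, so the member names are still visible) and an executable can be renamed to look like a document, so this belongs alongside, not instead of, up-to-date antivirus and the execution-blocking rules described above.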
As the image of the virus shows, you are given approximately 100 hours to pay the ransom to have your files decrypted. It is reported that after this time the key to decrypt your files is destroyed, leaving them encrypted essentially forever, though there are also reports that you can pay an increased ransom after the deadline to unlock them. The encryption the virus uses is a very secure way of locking the files: each file is encrypted with a per-file AES key, and that key is in turn encrypted with a 2048-bit RSA public key whose private half exists only on the criminals' server. Comparing bit counts across different algorithms is misleading (the 128-bit session keys that protect your connection to PayPal and a 2048-bit RSA key are both considered unbreakable by brute force today); what matters is that the private key needed to unlock your files never touches your computer, so there is nothing on the machine for a recovery tool to find. As of right now, there is no way to decrypt the files without paying the ransom. On top of that, there are reports that tampering with the virus itself, whether a removal attempt or a decryption attempt, deletes the decryption key. Since that key is never on your PC, a local removal cannot destroy it, but removing the malware does remove the component that would carry out the decryption if you chose to pay, along with its record of which files were encrypted, so do not attempt a removal yourself if you may need that option.
If you keep important data on your system, I very highly recommend performing a full system backup as soon as possible, or registering for an online backup service. That way, if you are infected, you can simply have a computer shop reload your operating system and restore your data, bypassing the ransom, which in turn discourages these criminals because they are not getting paid. However, this method is not 100% foolproof either. There are a few things this virus does differently from others like it in the past. It is smart enough to encrypt files on external hard drives, flash drives and mapped network shares reachable from the infected PC. Because of this, if your backup drive is attached to the PC at the time of infection, your backups will be locked as well. Likewise, if your offsite backup software works in a "real time" or continuous-sync fashion, it will upload the encrypted files to your offsite backup almost immediately, overwriting the good copies unless the service keeps old versions. You can restore the "previous versions" of the files from such a service, but this is usually very time consuming (especially with thousands of files). A backup drive that is disconnected after each backup, or a backup service that keeps a history of versions, is the safe arrangement. Otherwise, the only way of getting your data back without a backup is paying the ransom, and then having your computer serviced by a professional to make sure the virus is completely removed and that your protection software is fully up to date. If you do find yourself infected, immediately disconnect from the network (pull the cable or switch off Wi-Fi, so shared folders stop being reachable), turn the system off, and bring it to a local computer professional.
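The difference between a mirror that copies the encrypted files over your good ones and a versioned backup that keeps the earlier copy is easy to see in a small simulation. The following is an added example written for this page, not the original author's code and not any particular backup product: a minimal numbered-snapshot store built with the Python standard library, run against a temporary folder. The "infection" step only overwrites file contents with dummy bytes to stand in for the malware; it performs no encryption.

```python
"""Mirror backup versus versioned snapshots under a CryptoLocker-style
infection.  Added example; the snapshot layout and sample files are
constructed here and the fake_encrypt step is a harmless stand-in."""
import os
import shutil
import tempfile


def mirror_sync(src, dst):
    """Real-time style mirror: dst is made identical to src, so whatever src
    holds right now (including freshly encrypted files) replaces older copies."""
    if os.path.isdir(dst):
        shutil.rmtree(dst)
    shutil.copytree(src, dst)


def take_snapshot(src, repo):
    """Versioned backup: each run copies src into a new numbered directory
    under repo and never touches earlier snapshots.  Returns the snapshot id."""
    os.makedirs(repo, exist_ok=True)
    snap_id = len(os.listdir(repo)) + 1
    shutil.copytree(src, os.path.join(repo, "snap-%04d" % snap_id))
    return snap_id


def restore_snapshot(repo, snap_id, dst):
    """Restore one snapshot into dst (dst is replaced)."""
    if os.path.isdir(dst):
        shutil.rmtree(dst)
    shutil.copytree(os.path.join(repo, "snap-%04d" % snap_id), dst)


def read_all(root):
    """Map of relative path -> file contents, used to compare whole trees."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for f in files:
            p = os.path.join(dirpath, f)
            with open(p, "rb") as fh:
                out[os.path.relpath(p, root)] = fh.read()
    return out


def fake_encrypt(root):
    """Stand-in for the malware: overwrite every file with junk bytes.
    Constructed for the example; no real encryption happens."""
    for rel in read_all(root):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"ENCRYPTED")


def demo():
    """Run the scenario in a temp dir.  Returns (mirror_ok, snapshot_ok):
    whether each method still yields the original data after the infection
    and one further backup run."""
    work = tempfile.mkdtemp()
    try:
        docs = os.path.join(work, "Documents")
        os.makedirs(docs)
        with open(os.path.join(docs, "taxes.xlsx"), "wb") as fh:
            fh.write(b"2013 figures")
        with open(os.path.join(docs, "photo.jpg"), "wb") as fh:
            fh.write(b"jpeg bytes")
        original = read_all(docs)

        mirror = os.path.join(work, "mirror")
        repo = os.path.join(work, "snapshots")
        mirror_sync(docs, mirror)            # backups taken before infection
        first = take_snapshot(docs, repo)

        fake_encrypt(docs)                   # infection hits the live files
        mirror_sync(docs, mirror)            # the mirror dutifully copies them
        take_snapshot(docs, repo)            # a new, useless snapshot is added...

        restored = os.path.join(work, "restored")
        restore_snapshot(repo, first, restored)  # ...but the earlier one is intact
        return (read_all(mirror) == original, read_all(restored) == original)
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo())  # (False, True)
```

The snapshot store only helps if the infected PC cannot write to it: keep it on a drive that is unplugged between runs, or on a machine that pulls the backup from the PC rather than a share the PC has mapped, since the post above notes that mapped shares get encrypted along with local files.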
The best option at this point is to take preventative measures to keep your data safe before you become a victim.