The Cryptolocker ransomware has been hitting the headlines since summer last year, so here is a simple 101 of what it actually is, how it works and most importantly: how to protect yourself from it.
So, what exactly is Ransomware?
A type of malware that severely impacts the normal use of a computer, usually accompanied by a pop-up window requesting payment or making other demands in order to restore the computer to its former state. The most sinister varieties even encrypt files by putting a coded password on them, making it difficult or even impossible to recover any data – and Cryptolocker is one of those nasties.
So, what makes Cryptolocker so special?
Most ransomware infections can be avoided and/or removed with standard Anti-Virus software without having to pay the ransom – this is where Cryptolocker is different.
Many of the well-known Anti-Virus software out there struggled to protect systems from infection – most can now remove them, but only after the damage has been done.
Cryptolocker sneakily encrypts the files on your computer without your knowledge and only when it has finished will it show itself and ask for a ransom in Bitcoins: usually between £200 – £1400 dependant on the current Bitcoin value and on how long you have waited to pay. Only then will you be given the secret key code necessary to decrypt the files and make them usable again.
At the time of writing this blog, no Antivirus software seems to have been able to offer a decrypting solution and although the FBI and probably lots of other law enforcement agencies are investigating, the creators (and beneficiaries) are yet to be found and put a stop to.
Cryptolocker seems to mostly spread through attachments in phishing emails (emails pretending to be from someone legitimate like your bank or Amazon) as well as websites using doors opened by other malware already on your computer.
Once Cryptolocker has infected your computer, it can access all connected network drives, so basically everything you can access yourself through Windows Explorer – that includes USB drives and even some Cloud storage folders if made to appear as a drive letter.
First of all you obviously need to have a decent Anti-Virus software installed on your system to protect yourself from any type of malware, not just this little nasty.
Surfright (the creators of Hitman) have released a free extra web protection tool “Cryptoguard” and it is also well worth thinking about tightening your Windows permission with the help of Kryptoprevent.
Unfortunately, in many cases, the Anti-Virus software is not able to stop this virus (ESET seems to be doing ok) and the only other solution available to you is to make sure you have a proper back-up system in place. However, remember that whether you upload to the Cloud or back-up to an external hard drive – make sure you disconnect the hard drive after as the Cryptolocker will encrypt all connected drives!
Keep in mind that Cryptolocker does not show itself straight away, so make sure to keep several clean data back-ups.
Help – I think I am infected
Don’t panic, but do act immediately:
- shut down your computer
- disconnect your computer from networks and internet and external drives
- run a virus scan from your AntiVirus recovery disc if available (without loading into Windows)
- restore files from your (clean and checked) back-up – you can get re-infected, so it might be worthwhile to wipe your drive and start afresh
As with any ransom situation, the police’s general advice would be to not pay up.
Help – I do not have a current backup
Yes, we all know we should backup, not just for malware reasons but also in case of failing hard drives – but what if you do not have a back-up?
If you have system restore enabled, you might be able to recover individual files, by right-clicking the file and going to the tab “previous versions” – however, this is not only tedious but often simply does not work.
Have PC Harmony,
So you can concentrate on the more important things in life…