Skip to main content

CryptoLocker Is The Nastiest Malware Ever & Here’s What You Can Do

Ransomware is an especially odious type of malware. The way it works is simple. Your computer will be infected with some malicious software. That software then renders your computer entirely unusable, sometimes purporting to be from local law enforcement and accusing you of committing a computer crime or viewing explicit pictures of children. It then demands monetary payment, either in the form of a ransom or a ‘fine’ before access to your computer is returned.
Horrible, isn’t it? Well, get ready to meet CryptoLocker; the evil patriarch of the Ransomware family.

What Is CryptoLocker

CryptoLocker is a piece of malware targeting computers running the Microsoft Windows operating system. It is typically spread as an email attachment, often purporting to be from a legitimate source (including Intuit and Companies House). Some say it is also being spread through the ZeuS botnet.
Once installed on your computer, it systematically encrypts all documents that are stored on your local computer, as well as ones that are stored on mapped network drives and mounted removable storage.
cryptolocker-example
The encryption used is strong, 2048 bit RSA, with the decryption key for your files being stored on a remote server. The odds of you being able to break this encryption is almost nonexistent. If you want to get your files back, CryptoLocker asks for you to fork over some cash; either two bitcoins (At the time of writing, worth almost USD $380) or $300 in either MonkeyPak or Ukash prepaid cards. If you don’t pay within three days, the decryption key is deleted and you lose access to your files forever.
I spoke to popular security expert and blogger Javvad Malik; this is what he had to say about CryptoLocker.
Ransomware such as CryptoLocker is not something very new – variations of Ransomware have been around for years. When you look at CryptoLocker, it predominantly comes in via phishing emails (from what I’ve seen). The best way to protect against it is for users to be vigilant against clicking on links within emails. Currently, it looks like there’s not much that can be done once infected and I wouldn’t advice anyone to pay the ransom. It goes back to having backups and data management in place.

Mitigating Against It

Reports suggest that some security programs have had a hard time of preventing CryptoLocker from getting its claws onto your system before it’s too late. Fortunately, American security expert Nick Shaw has created a handy piece of software called CryptoPrevent (free) . This applies a number of settings to your installation of Windows that prevents CryptoLocker from ever executing and has been proven to work in Windows XP and Windows 7 environments.
It’s also worth making sure that you check emails to see if they’re suspect before you open up any email attachments. Do they have an email address that matches up with the purported sender? Were you expecting any correspondence from them? Is the spelling and grammar consistent with what you’d expect from the genuine sender? These are all reasons to be suspicious of an email and to think twice about poking in any attachments.

Having Proper Backup

In these circumstances, I’d encourage everyone to make regular backups that are isolated from your computer. Using a networked backup solution will be utterly ineffective, as CryptoLocker has been known to encrypt data stored on these volumes.
cryptolocker-backup
If you use a cloud backup service like Carbonite, you can take comfort in knowing the odds are good that your files are versioned. That means if you back up an encrypted copy of a file you care about, you can revert to an earlier version. An employee of Carbonite posted this advice on Reddit.
I work for Carbonite on the operations team, and I can confirm this for most cases – I will also offer these two pieces of advice:
1) If you are affected by the virus, you should disable or uninstall Carbonite as soon as possible. If you stop backing up the files, it’s more likely that Carbonite will not have overwritten a “last known good” backup set. There is a high risk of some recent data loss (you’re effectively going back in time, so if we have no record of the file existing at a previous time, you won’t get it back) with this method, but it’s far, far better than losing all of your files.
2) When you call customer support, which you should do as soon as possible, specifically mention that you are infected with cryptolocker. It was mentioned in the post above, but I just wanted to put emphasis on it because it’ll get you through the queue faster.
Edit: also, just to state the obvious, make doubly sure the infection is off your machine before you call support, please.

Should You Pay The Ransom?

What if your computer gets compromised? It goes without saying that brute forcing a file encrypted with 2048 bit encryption is almost impossible. Noted computer security firm Sophos has looked at a number of files that have been encrypted by this particular malware and has failed to notice any obvious means in which they can be decrypted without forking over a ransom.
With that in mind, the only way to get your data back is by paying the ransom. However, this poses a major ethical dilemma. By paying the ransom, you make this type of chicanery profitable and therefore perpetuate it. However, if you don’t pay the ransom, you forever lose access to everything you’ve been working on which is stored on your computer.
What further complicates things is that it is impossible to ascertain who would be the recipient of any money paid. It may something so simple as a single person working from his bedroom looking to get rich at the expense at others, or it might be something much more sinister.

Popular posts from this blog

How To Hide Text In Microsoft Word 2007, Reveal It & Protect It

Sometimes what we hide is more important than what we reveal. Especially, documents with sensitive information, some things are supposed to be ‘for some eyes only’. Such scenarios are quite common, even for the more un-secretive among us. You want to show someone a letter composed in MS Word, but want to keep some of the content private; or it’s an official letter with some part of it having critical data. As important as these two are, the most common use could involve a normal printing job. Many a time we have to print different versions of a document, one copy for one set of eyes and others for other sets. Rather than creating multiple copies and therefore multiple printing jobs, what if we could just do it from the same document?  That too, without the hassle of repeated cut and paste. We can, with a simple feature in MS Word – it’s just called Hidden and let me show you how to use it to hide text in Microsoft Word 2007. It’s a simple single click process. Open the docum...

Build Your Own Awesome Personal 3D Avatar with Avatara

Do you use social networks and want to build your own awesome 3D avatar? Maybe you want to send someone a cute cuddly image of yourself (kind of)? Or maybe you have your own ideas of what you would do with an Avatar… Well look no further than Avatara which I discovered from the MakeUseOf directory . You can create 3d avatars out of pre-set up templates or create your own from scratch. To start, visit Avatara’s homepage . You will see this screen: Click Get Started to umm, get started! That will take you to this screen: You see that you can build your own Avatar using an uploaded head shot like the Obama one above (just an example, guys). Or roll with one of their awesome avatars. I chose to start with a blank avatar by clicking Start with a blank avatar at the bottom of the screen. That takes you to here: I clicked on the filter at the top and told it to filter out everything but male characters and then I saw this: I rolled with Buck and continued. You need to click Select...

Ex-Skypers Launch Virtual Whiteboard Deekit

Although seriously long in the tooth and being disrupted by a plethora of startups, for many years Skype has existed as an almost ubiquitous app in any remote team’s toolkit. So it seems apt that a new startup founded by a team of ex-Skype employees is set to tackle another aspect of online collaboration. Deekit, which exits private beta today, is a virtual and collaborative whiteboard to help remote teams work smarter. The Tallinn, Estonia-based startup is headed up by founder and CEO, Kaili Kleemeier, who was previously a Head of Operations at Skype. She and three colleagues quit the Internet calling giant in 2012 and spent a year researching ideas in the remote team space. They ended up focusing on creating a new virtual whiteboard, born out of Kleemeier’s experience collaborating with technical teams remotely, specifically helping Skype deal with incident management. “Working with remote teams has been a challenge in many ways – cultural differences, language differences, a...