CryptoLocker is a series of ransomware infections that have been classified as extremely dangerous and that should be removed immediately. CryptoLocker is the most sophisticated and destructive virus ever written to date and is rapidly expanding across the globe. Online users are being exposed to this virus at an alarming rate and are being tricked into running this dangerous program on their computers. The program is said to encrypt all important data on the computer as well as on network servers, rendering years' worth of data and documents useless.
This new variant of ransomware restricts access to infected computers and demands that the victim pay the attackers in order to decrypt and recover files. At this time, the primary means of infection appears to be phishing emails containing malicious attachments.
CryptoLocker appears to be spreading through fake emails designed to mimic the look of legitimate businesses and through phony FedEx and UPS tracking notices. In addition, there have been reports that some victims saw the malware appear following a previous infection from one of several botnets frequently leveraged in the cyber-criminal underground.
This virus can find and encrypt files located on shared network drives, USB drives, external hard drives, network file shares and even some cloud storage drives. If one computer on a network becomes infected, files on its mapped network drives can be encrypted as well. Once your computer is infected, CryptoLocker connects to the attackers’ servers and completes the encryption process.
Victims are told they have three days to pay the attacker through a third-party payment method. Some victims have claimed online that they paid the attackers and did not receive the promised decryption key.
US-CERT, a department within Homeland Security, encourages users experiencing the ransomware infection NOT to make payment in response to these extortion attempts. Instead, report the incident to the FBI at the Internet Crime Complaint Center (IC3).
Preparing for CryptoLocker
You can protect yourself from this type of blackmail virus by taking the following steps:
1. Make sure that you have an up-to-date backup of your data. Jan Hurwitz, Co-Owner of MegaByte Systems, states, “For those clients who have deployed removable devices such as external hard drives as part of their backup strategy, we are now recommending that these devices be attached immediately prior to the backup process. After the backup has completed, disconnect the removable device. If you are not utilizing a removable device in your backup strategy, it is now an important thing to do.”
2. Maintain up-to-date anti-virus software.
3. Keep your operating system and software up-to-date with the latest patches.
4. Use caution when opening email attachments. For more information on safely handling email attachments, see the paper published by US-CERT, Using Caution with Email Attachments.
5. Do not follow unsolicited web links in email messages or submit any information to web pages in links.
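The attach, back up, disconnect routine from step 1 can be scripted so that the drive is only reachable while the copy runs. The PowerShell below is an added example, not MegaByte Systems' own tooling; the volume label OFFLINE_BKP and the source folder C:\Data are hypothetical, and it assumes Windows 8 / Server 2012 or later (for Get-Volume).

```powershell
# Added example. Hypothetical values: drive label OFFLINE_BKP, source C:\Data.
param(
    [string]$Label  = 'OFFLINE_BKP',
    [string]$Source = 'C:\Data'
)

# 1. Refuse to run unless the backup drive has been attached for this run.
$vol = Get-Volume -FileSystemLabel $Label -ErrorAction SilentlyContinue |
       Where-Object { $_.DriveLetter } | Select-Object -First 1
if (-not $vol) {
    Write-Error "Backup drive '$Label' not found. Attach it, then run again."
    exit 1
}
$drive = "$($vol.DriveLetter):"

# 2. Copy into a new dated folder so earlier copies are never overwritten
#    (a mirror job would replace good backups with already-encrypted files).
$stamp = Get-Date -Format 'yyyy-MM-dd_HHmm'
$dest  = "$drive\Backup_$stamp"
robocopy $Source $dest /E /COPY:DAT /R:2 /W:5 /NP "/LOG:$dest.log"
$rc = $LASTEXITCODE    # robocopy: 8 or higher means at least one copy failure
if ($rc -ge 8) {
    Write-Error "robocopy reported failures (exit code $rc). See $dest.log"
}

# 3. Eject the drive whether or not the copy succeeded, so it does not stay
#    reachable from this computer between backups.
$item = (New-Object -ComObject Shell.Application).Namespace(17).ParseName($drive)
if ($item) { $item.InvokeVerb('Eject') }
Start-Sleep -Seconds 5   # the Eject verb returns before the volume is gone

if (Test-Path "$drive\") {
    Write-Warning "$drive is still mounted. Use 'Safely Remove Hardware', then unplug it."
} else {
    Write-Output "Backup written to $dest. Unplug the drive now."
}
if ($rc -ge 8) { exit 1 }
```

Some external hard drives do not offer the Eject verb; in that case the script prints the warning and the drive has to be removed by hand.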
If You Get the CryptoLocker Virus
1. Disconnect your computer from the internet immediately. Take it offline from your wireless or wired network, or turn off your computer.
2. Call us at MegaByte for assistance at (570) 296-5979.
You can read more on this virus from reputable sites such as US-CERT, PC World and other trade publications. We have included some links below:
There is a tremendous volume of information coming out very quickly as the industry figures out how to fight this virus. We at MegaByte Systems will be monitoring the information on CryptoLocker for prevention and removal strategies. In the meantime, once infected, your data will be encrypted and not accessible.
If you are unsure of the status of your antivirus and anti-malware programs, or if your computer software is not up to date, or you are unsure of your backup system, or do not have a backup system, we can assist you in getting a backup strategy in place.