CryptoLocker is the next generation of internet virus that is currently circulating all over the world in large numbers. Once a computer becomes infected it will lock all your files plus any network files it has access to, even your server. Once the files are locked it will give you a three day countdown to pay the ransom, usually $100 or $300. If the time expires your files are locked with no option to pay the ransom.
Cryptolocker will encrypt users’ files using asymmetric encryption, which requires both a public and private key.
The public key is used to encrypt and verify data, while private key is used for decryption, each the inverse of the other.
Below is an image from Microsoft depicting the process of asymmetric encryption.
The bad news is decryption is impossible unless a user has the private key stored on the cybercriminals’ server.
Currently there are only two known methods to remove the infection, restoring your files from a backup or paying the ransom. Please be aware that paying the ransom is not guaranteed to work. We don’t condone paying the ransom and supporting these cybercriminals.
What makes CryptoLocker exceptionally dangerous is the fact in most cases it can pass right through all Anti-virus protection suites. Usually this occurs by these methods:
- In the form of attachment, usually disguised in an email appearing to come from your bank, insurance company or courier service or scanner.
- Through Trojan websites, which will ask you to download a piece of software in order to watch video clips or download songs off the internet.
- Through exploit kits, specific websites with similar names to popular ones, just waiting for people to miss-type the address and think they are on their favourite website.
Advice for prevention
- Do not open attachments if you are unsure of the contents or the email was unexpected.
- Look for clues in the email content, usually most legitimate emails will address you by name and not something generic like ‘customer’ with vague wording.
- Do not click on website links in emails until you have viewed the link location (do this by hovering over the link, this will display the link right at the bottom of Outlook). Instead of clicking the link, you are best to manually browse to the website via your web browser.
- Make sure your anti-virus is updated regularly
- Make sure your backups are current and working and backing up ALL critical data
If you get the virus
- Stop work
- Immediately disconnect any network drives
- Contact us
Alert other users of the issue, as most likely any work done will be overwritten when the backup is restored.