CryptoLocker: Preventing and Eradicating The Latest Technological Vermin

by Lou Person on Dec 19, 2013 in Cloud Journey

CryptoLocker is the latest in criminally driven and aggressive virus technology. It first surfaced in 2013, and is essentially ransomware that targets computers that run Microsoft Windows. It is most commonly delivered in seemingly legitimate email attachments, often disguised as a tracking notification from UPS or FedEx. It can infect anyone anywhere in the world, so no user is safe. However, it should be noted that just opening the email is not what spreads the virus: it’s the zip file attached to it that holds the true assailant. Hiding within that zip file is essentially a booby trap: a double-extension file such as *.pdf.exe* that, when clicked on, begins the countdown to the threatened annihilation of personal files. The .exe extension is what enables CryptoLocker to run on your computer, while the inconspicuous .pdf extension camouflages the file’s true function so that you are unaware of what’s happening until it’s too late.
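The double-extension disguise described above can be checked for before an archive ever reaches a user. The following is an added example, not part of the original article: a sketch of an attachment check that lists zip entries ending in an executable extension hidden behind a document extension. The function names and both extension lists are assumptions chosen for illustration, and the sample archive is constructed with placeholder bytes.

```python
import io
import zipfile
from typing import Iterable, List

# Assumed lists for illustration; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def is_double_extension(name: str) -> bool:
    """True if the file name looks like document.pdf.exe (case-insensitive)."""
    # Only the final path component matters; zip entries may carry folders.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    if len(parts) < 3:
        return False  # zero or one extension, e.g. "setup.exe"
    return "." + parts[-1] in EXECUTABLE_EXTS and "." + parts[-2] in DECOY_EXTS


def scan_zip_attachment(data: bytes) -> List[str]:
    """Return the archive entries that should cause the attachment to be held."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return [info.filename for info in archive.infolist()
                    if not info.is_dir() and is_double_extension(info.filename)]
    except zipfile.BadZipFile:
        # An archive that cannot be parsed is held rather than passed through.
        return ["<unreadable archive>"]


def build_sample_zip(names: Iterable[str]) -> bytes:
    """Constructed sample input: entries contain placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for entry in names:
            archive.writestr(entry, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(
        ["UPS_tracking.pdf.exe", "readme.txt", "docs/Invoice.PDF.EXE"]
    )
    for hit in scan_zip_attachment(sample):
        print("hold attachment, suspicious entry:", hit)
```

A plain `setup.exe` is deliberately not flagged here; blocking every executable inside an archive is a separate, stricter policy decision.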

What happens next is truly violating. Once CryptoLocker is running on your device, it rapidly encrypts your personal files, holding them hostage while you lose access to them. You are then alerted that you have a certain (short) amount of time to pay a ransom or lose all your encrypted personal files forever. Because CryptoLocker requires payment via MoneyPak or Bitcoin (both of which harness private, decentralized fund-exchange networks), it’s much more difficult to follow the money and track down the perpetrators.

The following tips will help you thwart a CryptoLocker attack and, if you have already become infected, help you avoid paying the ransom and eradicate this antagonistic virus:

First, maintain a backup of all files. This should be common practice to avoid any type of technological invasion, and is your best ally against this kind of attack. Cloud-based backup solutions are advisable for business professionals and consumers alike, as CryptoLocker may even go after backups located on a network drive that is connected to an infected PC, in which case a local backup is not nearly enough. Most importantly, keep the backup completely separate from your computer in order to prevent CryptoLocker from encrypting your backups as well.

Run antivirus software. Again, this is critically important to maintaining security in all facets of business and personal information privacy. It can also be used later to rid your device of CryptoLocker, should you be attacked.

Use CryptoPrevent. Created by American security expert Nick Shaw, this tool applies a number of settings to your installation of Windows that prevent CryptoLocker from installing itself.

Set a software restriction policy. This will prevent any executable application from running from certain locations on your hard drive. A built-in defensive force field, of sorts.

Be cautious. Make it a habit not to open unsolicited email attachments or click on any unknown links, no matter how legitimate they may seem. The more security savvy you are, the more you can reduce the chances of being hit by CryptoLocker.

Already Infected? Don’t give in to extortion! Giving in will only encourage malware authors to create similar viruses.

1. Disconnect from the internet – You may be warned not to do this, but this is the first step in stopping an attack from spreading to all of your files.
2. Turn off your computer – This can save some files from being encrypted and, essentially, stop the attack in its tracks.
3. Assess the damage and files lost – Check Windows’ System Restore files if necessary to retrieve data that was not backed up.
4. Wipe your computer clean – Work with your regular antivirus software, or follow a tutorial. Fortunately, most antivirus software has a CryptoLocker cleanup tool, so this should be fairly straightforward.
5. Restore your backup and maintain precautions to ward off further attacks!

Those behind CryptoLocker have undoubtedly used innovative wit to evolve extortion, but if you follow these tips, you will eliminate the chance of finding yourself in the unpleasant situation of having to choose whether to pay the ransom, or never gain access to your data again.