Within the last month, Internet security companies have discovered a new type of “ransomware” named Cryptolocker.
Ransomware has been around for a while. You may have seen those fake popup windows that show up on some websites saying “Your Computer is Infected! Click here to clean it!” Once you click, you’re prompted to run some shady software, and then that software keeps throwing up “Pay me or these screens will keep popping up” warnings.
Rogue antivirus software is the most common type of ransomware, but Cryptolocker puts a new twist on holding your computer hostage…and it’s both ingenious and scary in the damage it can do. Unlike rogue antivirus software (which pretty much just keeps generating pop-up windows), Cryptolocker searches out all of your documents, photos, music files…anything you hold dear on your computer, and then proceeds to encrypt them with military-grade encryption. After it does this, a countdown screen appears and you have until the timer runs out to pay $300 (US) to obtain the key. As mentioned, this is military-grade encryption, meaning there is one key that unlocks your files, and if that key is lost, not even the NSA can get your files back.
Cryptolocker is spread through email using “phishing” attacks. You may receive an email that looks like it came from a legitimate company saying something like “Attached is this week’s payroll file” or “These are the proofs from the photo-shoot”. There is usually a file attached (the most common file types are .zip or .pdf), and once the file is opened, the virus executes.
Targeted files are those commonly found on most PCs today, which include those with the following extensions:
3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx
In some cases, it may be possible to recover older versions of your files using Windows System Restore. The geniuses over at Bleeping Computer have more information on how you can try this.
Removal and Prevention:
Cryptolocker has no reliable fix available. The virus can be removed by most antivirus software (such as MSE, TOAST.net’s Managed Antivirus, and others), but if the virus is removed from your computer the file encryption remains. Once the damage is done, there’s no going back. The best thing to do is make sure you’re prepared.
Backup and Be Safe
The best defense against Cryptolocker is off-site backups. Backing up your important files with secure cloud services is one way to keep your information protected. For instance, TOAST.net’s Online Backup allows you to install a small program on your computer, and it will automatically back up your files to a secure server. Anytime you need a file restored, you just request it from your backup software and it gets restored from the server. Since copies of your files are stored off of your computer, they cannot be affected by viruses.
TOAST.net customers with Google accounts can also use the built-in Google Drive and Google+ features to store documents and photos. These free services are available by clicking the square Apps button in the top right of your email screen.
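As an added example (not part of the original article and not TOAST.net software), the Python script below uses the extension list above to report which at-risk files under a folder have no copy, or only an older copy, in a backup folder. It assumes the backup is a plain folder that mirrors the source layout; the function names and the sample tree built in demo() are constructed for illustration.

```python
import os
import sys
import tempfile
from pathlib import Path

# Extension list copied from the article above.
TARGETED = set("""
3fr accdb ai arw bay cdr cer cr2 crt crw dbf dcr der dng doc docm docx dwg dxf
dxg eps erf indd jpe jpg kdc mdb mdf mef mrw nef nrw odb odm odp ods odt orf
p12 p7b p7c pdd pef pem pfx ppt pptm pptx psd pst ptx r3d raf raw rtf rw2 rwl
srf srw wb2 wpd wps xlk xls xlsb xlsm xlsx
""".split())

def at_risk_files(root):
    """Yield files under root whose extension is on the targeted list."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if Path(name).suffix.lower().lstrip(".") in TARGETED:
                yield Path(dirpath) / name

def backup_gaps(source, backup):
    """Map each targeted file to 'missing' or 'stale' when its backup copy is absent or older."""
    gaps = {}
    for f in at_risk_files(source):
        rel = f.relative_to(source)
        copy = Path(backup) / rel  # assumption: backup mirrors the source layout
        if not copy.is_file():
            gaps[rel.as_posix()] = "missing"
        elif copy.stat().st_mtime < f.stat().st_mtime:
            gaps[rel.as_posix()] = "stale"
    return gaps

def demo():
    """Constructed sample tree in a temp dir with fixed timestamps (backup taken at t=200)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = [("docs/taxes.XLSX", 100), ("backup/taxes.XLSX", 200),
                  ("docs/photos/cat.jpg", 300), ("backup/photos/cat.jpg", 200),
                  ("docs/thesis.docx", 100), ("docs/notes.txt", 100)]
        for rel, mtime in sample:
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("x")
            os.utime(path, (mtime, mtime))
        return backup_gaps(Path(tmp, "docs"), Path(tmp, "backup"))

if __name__ == "__main__":
    result = backup_gaps(*sys.argv[1:3]) if len(sys.argv) == 3 else demo()
    for rel, reason in sorted(result.items()):
        print(f"{reason:8} {rel}")
```

Run it with a source folder and a backup folder as the two arguments; with no arguments it runs against the constructed sample tree.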
The best offense in this case is a good defense. Keep your important files safe, keep your PC security up to date, and Cryptolocker will not be anything to worry about.