11/12/2013
So you’re happily working on your Windows computer, getting stuff done. Little do you know, your personal files are rapidly being encrypted so that you can’t access them. Suddenly, an alert appears on the screen—you have 96 hours (or four days) to pay $300 or lose all your encrypted personal files forever. A countdown is already ticking on your screen.
CryptoLocker is the latest and most damaging Windows virus in a series of recent ransomware Trojans. The relatively large amount of money it demands, combined with the tight deadline, makes it far more aggressive than other similar viruses. And unfortunately for us, it’s spreading more rapidly than any of its contemporaries.
It spreads through an email that appears to be a tracking notification from UPS or FedEx; to become infected, you would have to open the zip attachment within that email. Hiding inside the zip file is a double-extension file such as *.pdf.exe. The .exe extension lets CryptoLocker run on your computer, while the innocuous .pdf extension hides the file’s true function.
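As an added example (not code from the original post), here is a small Python check that a mail gateway or help desk could run on a zip attachment to flag the double-extension pattern described above. The sample archive and its file names are constructed here; the extension lists are an assumption, not an exhaustive set.

```python
import io
import zipfile
from typing import List

# Extensions Windows runs as programs when double-clicked (assumed subset).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Extensions a user would expect from a "tracking notification" attachment.
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "txt", "jpg", "png"}


def disguised_executable(name: str) -> bool:
    """True if a file name ends in an executable extension but the extension
    before it is a document type, e.g. 'tracking.pdf.exe'. With Windows'
    default 'hide extensions for known file types' setting, such a file is
    displayed as 'tracking.pdf'."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    if len(parts) < 3:
        return False
    return parts[-1] in EXECUTABLE_EXTENSIONS and parts[-2] in DOCUMENT_EXTENSIONS


def suspicious_members(zip_bytes: bytes) -> List[str]:
    """Return the names of every entry in a zip attachment that looks like a
    disguised executable. Works on raw bytes so it can run on a mail gateway
    before the attachment ever reaches a desktop."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [m.filename for m in zf.infolist()
                if not m.is_dir() and disguised_executable(m.filename)]


def build_sample_attachment() -> bytes:
    """Constructed sample: a zip with a harmless text file, a real-looking PDF
    name, and one entry named in the *.pdf.exe pattern (contents are inert)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "tracking details")
        zf.writestr("UPS_Tracking_1Z999.pdf.exe", b"not a real program")
        zf.writestr("invoice.pdf", b"%PDF-1.4 placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(suspicious_members(build_sample_attachment()))
```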
Make sure you keep regular and recent backups of all your files. This goes double if you’re a business that shares a drive or folder across multiple computers, since CryptoLocker is known to target shared files for encryption first.
--Eradicating An Infection--
It’s all well and good to prepare, but what if you are already infected? Despite the virus’s warning not to “disconnect from the Internet or turn off the computer,” that is exactly the first step of damage control.
The only thing turning off your computer does is stop the virus from encrypting more files.
In fact, unplugging your computer may save some of your files if the virus is still in the process of encrypting them.
Next, you need to figure out what damage has been done. Which files have you lost? Do you have backups of these files? If you don’t have backups, have you checked Windows’ System Restore files, which sometimes automatically back up the computer for you?
If you can help it, do not give in to extortion.
You should never pay these guys the ransom; it just encourages malware authors to create similar viruses.
--Does Paying Ransom Work?--
Say that for whatever reason you don’t have a backup and do want to pay the ransom. The criminals behind CryptoLocker make it very easy to do.
Even if you haven’t made your payment before the deadline, they’ll still let you pay. Only this time, instead of 2 BTC (€300), it’ll be 20 BTC.
Since victims have reported that paying the ransom does work, this is your best hope for getting the encrypted files back. There’s no way to track the criminals through the decentralized currency they’re accepting payment through, and their encryption methods are simply too strong to unlock without a decryption key.
With no way to prevent CryptoLocker in sight, the most important thing is to make sure people know about the virus before they get infected.
Awareness is the first step. Make sure your employees, or your family, know this virus is out there.