Beware of Cryptolocker: What is it, how to avoid getting infected, and what to do if you are

Posted on: October 31st, 2013 by billp

A new and frightening escalation in the virus world is circulating the Internet. A virus called Cryptolocker has been infecting PCs through an email attachment. Once it runs, the virus encrypts data on your PC as well as on shared drives that may reside on servers or network attached storage (NAS) devices. The effects are devastating.

If your system is infected, your local and server-based files will be encrypted. A message will be displayed informing you that your personal files have been encrypted and you need to pay up to 300 USD (the amount seems to change), or a similar amount in another currency.


You will also see a countdown timer. If the timer reaches zero, your encrypted data will be deleted. The virus uses strong encryption, so brute-force decryption would take years, perhaps hundreds of years, which obviously is not an option.

Security software might not detect Cryptolocker or detect it only after encryption is underway or complete. Although Cryptolocker itself can be trivially removed, this does not decrypt files, and may make it impossible to recover them by paying the ransom (which we don’t recommend doing regardless).

What can you do?

  1. Educate yourself and your employees about this malware and introduce or reinforce a policy of not allowing employees to install software on business PCs.

  2. Be particularly cautious of unexpected email coming from known or unknown senders. Attackers may use slight variations in the spelling of the sender address (e.g. sender@fdex.com instead of sender@fedex.com) to make you believe the email is legitimate.

  3. Email attacks are fairly easy to avoid if you never open attachments you weren’t expecting or from people you don’t know well.

  4. Back up your files. If you have a server, store your files on the server and back up the server every night, preferably with a reliable and monitored solution such as a Backup and Disaster Recovery (BDR) appliance. If you don’t have a server, use a product like Colden Company’s Backup-as-a-Service (BaaS) to back up your local file data securely and off-site.

  5. Run anti-malware software and make sure it is regularly updated. For extra protection, use Colden Company’s Managed Anti-Virus, based on proven malware-fighting technology and constantly monitored by Colden Company.

  6. If you get infected, remove your PC from the network by unplugging your network cable and then call us immediately. This will minimize the risk of spreading the malware to other systems and allow us to determine the best way to help you.
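The lookalike-sender trick described in step 2 can be checked automatically at the mail gateway or in a mailbox rule. The script below is an added example, not code from the original post or from Colden Company: it extracts the domain from a From: header and flags it when it is within a couple of edits of a trusted domain (the post's fdex.com vs fedex.com case) or when a trusted brand label is embedded in an unrelated domain. The trusted-domain list and the distance threshold are assumptions for illustration.

```python
from email.utils import parseaddr

# Constructed list of domains this organisation treats as trusted senders
# (assumption for the example; adjust to your own correspondents).
TRUSTED_DOMAINS = {"fedex.com", "coldencompany.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between a and b (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Lower-cased domain part of a From: header value, or '' if none."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS,
                    max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header.

    'trusted'   : the domain is a trusted domain or one of its subdomains.
    'lookalike' : the domain is not trusted but is within max_distance edits
                  of a trusted domain (fdex.com vs fedex.com), or embeds the
                  first label of a trusted domain (fedex-tracking.com).
    'unknown'   : anything else; handle per your normal attachment policy.
    """
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in trusted:
        brand = good.split(".")[0]
        if levenshtein(domain, good) <= max_distance or brand in domain:
            return "lookalike"
    return "unknown"
```

A "lookalike" verdict is a reason to quarantine the message or route it for a human to confirm before any attachment is opened, not proof of fraud by itself.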

If you have any questions or need help protecting your systems or recovering after an infection, call us at (888) 600-4560, email us at info@coldencompany.com, see us on Facebook, or follow us on Twitter.
