Beware of CryptoLocker

A new, dangerous form of malware was released into the wild: CryptoLocker. In the past, most malware or viruses were more annoying than dangerous. They changed your default search engine, they caused pop-ups, they changed system settings – but you were usually able to recover from a virus attack. CryptoLocker is different and very dangerous.

CryptoLocker is a sophisticated program. When it gets on to your computer, it communicates with one of its many servers around the world. The server then sends back information to the computer that CryptoLocker uses to begin encrypting your files. It looks for any documents, spreadsheets, photos, etc. and then encrypts them with virtually perfect encryption. If you have a network share on your computer (often designated as a drive on your computer – such as the “Z” drive that connects to your firm’s server), CryptoLocker encrypts files on that drive as well. You are unable to access any of these encrypted files.

CryptoLocker then displays a message, like the one here. You have 72 hours to pay them $300 or the key that you need to decrypt the files will be destroyed. Any attempt to remove CryptoLocker will automatically result in the destruction of that key.

Sophisticated computer forensic and password cracking software, like what is used at Chase Technology Consulting, cannot crack the encryption from CryptoLocker. Your only choice to get those files back is to pay the $300.00.

So what can you do?

First – have backups! If you use an automatic backup system like Carbonite or BackBlaze, you can recover your files from there. Dropbox and other cloud storage/sync servers will NOT protect you. Your Dropbox folder will be encrypted just like every other file, and that encryption will automatically sync with all of your other devices using Dropbox. Only backups that have “versioning” will be able to help. Versioning is when a service keeps old versions of documents. So when an update is made to a document, the backup service keeps a copy of the old version and the new version. This means when CryptoLocker encrypts the document, the old, unencrypted version will still be on your backup service.
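The difference between a sync copy and a versioned backup, as an added example that is not part of the original article. The class and function names are hypothetical, the sample document is constructed, and random bytes stand in for a file whose contents have become unreadable.

```python
import hashlib, os, shutil, tempfile
from pathlib import Path

class VersionedBackup:
    """Keeps every distinct version of each file (hypothetical helper)."""
    def __init__(self, store: Path):
        self.store = store
        self.index = {}  # relative path -> [(timestamp, sha256), ...]

    def snapshot(self, source: Path, now: float) -> None:
        for f in (p for p in sorted(source.rglob("*")) if p.is_file()):
            data = f.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            versions = self.index.setdefault(f.relative_to(source).as_posix(), [])
            if not versions or versions[-1][1] != digest:  # content changed
                (self.store / digest).write_bytes(data)    # old blobs are never deleted
                versions.append((now, digest))

    def restore(self, target: Path, before: float) -> int:
        """Write out the newest version of each file saved before `before`."""
        restored = 0
        for rel, versions in self.index.items():
            good = [d for ts, d in versions if ts < before]
            if good:
                out = target / rel
                out.parent.mkdir(parents=True, exist_ok=True)
                shutil.copyfile(self.store / good[-1], out)
                restored += 1
        return restored

def sync_mirror(source: Path, mirror: Path) -> None:
    """Sync-style copy: the mirror only ever holds the current contents."""
    shutil.copytree(source, mirror, dirs_exist_ok=True)

def demo() -> dict:
    original = b"client brief, draft 1"  # constructed sample document
    with tempfile.TemporaryDirectory() as tmp:
        docs, mirror, store, out = (Path(tmp) / n for n in ("docs", "mirror", "store", "out"))
        docs.mkdir(); store.mkdir()
        (docs / "brief.txt").write_bytes(original)
        backup = VersionedBackup(store)
        backup.snapshot(docs, now=100.0); sync_mirror(docs, mirror)
        # Stand-in for the malware's effect: contents replaced by unreadable bytes.
        (docs / "brief.txt").write_bytes(os.urandom(64))
        backup.snapshot(docs, now=200.0); sync_mirror(docs, mirror)
        backup.restore(out, before=200.0)
        return {"mirror_ok": (mirror / "brief.txt").read_bytes() == original,
                "restored_ok": (out / "brief.txt").read_bytes() == original,
                "versions_kept": len(backup.index["brief.txt"])}
```

Calling `demo()` shows the mirror holding only the overwritten file, while the versioned store still returns the earlier copy when asked for the state before the second snapshot.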

Second – be smart and cautious. Do not open zip files from emails that look suspicious. Do not download from sites you do not trust. Do not run programs you have not heard of before. Stop CryptoLocker before it gets on your system by taking these steps. No antivirus program can stop CryptoLocker, and once it is loose on your computer, there is nothing you can do. You have to prevent it from ever getting on your system by avoiding files/programs that might be infected with CryptoLocker.

CryptoLocker is a very dangerous program and you do not want to have to recover after its attack. Take steps now to ensure you are protected. Call Chase Technology Consulting for a full office security consultation to make sure your systems are protected.