What Is CryptoLocker & How Long Has It Been Out?
CryptoLocker is a type of malware, commonly called ransomware, that was released around the beginning of September 2013 and, as of right now, seems to target only Windows machines.
How Do People Get Infected With This Virus?
People generally get infected by opening an official-looking email that has an attachment. It can also be deployed by hacked and malicious Web sites that exploit outdated browser plugins, or, if your computer already has malicious software installed, that software can automatically download and install it.
Typically, though, most infections come from an email with an attachment notifying you about missing payments, taxes, purchases, or late UPS orders. It’s the kind of common email that can easily prompt people to open an attachment. As soon as the attachment is opened, your computer gets infected and the virus immediately begins silently searching for all of your documents, photos, and videos, encrypting and locking you out of everything it finds.
What Type Of Attachment Is The Cryptolocker Virus Found In?
Usually the attachment is in a compressed .zip format. When the user opens it by clicking on the attachment, the file automatically unzips itself into a folder on your computer, and inside that folder is a hidden executable file masquerading as an Acrobat PDF file. When you try to open it, Cryptolocker activates and installs itself onto your computer.
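As an added example (not part of the original article), the following Python sketch shows how a mail filter or a cautious user could inspect a .zip attachment before opening it and flag entries that look like a program disguised as a document. The extension lists and the two heuristics (a document-style double extension, and a Windows executable header under a document name) are assumptions chosen for illustration; the sample archive is constructed and contains only harmless placeholder bytes.

```python
import io
import zipfile

# Assumed heuristics (not from the article): extensions Windows will execute,
# and document types a disguised program might imitate.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg"}

def _exts(name):
    """Return the lowercase extensions of a file name, e.g. ['.pdf', '.exe']."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    return ["." + p.strip() for p in parts[1:]]

def inspect_zip(data):
    """Return {entry name: [reasons]} for entries that look like disguised programs."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            exts = _exts(info.filename)
            final = exts[-1] if exts else ""
            with zf.open(info) as fh:
                magic = fh.read(2)  # Windows executables start with b"MZ"
            if final in EXECUTABLE_EXTS:
                reasons.append("executable extension " + final)
                if len(exts) > 1 and exts[-2] in DOCUMENT_EXTS:
                    reasons.append("double extension imitating " + exts[-2])
            if magic == b"MZ" and final not in EXECUTABLE_EXTS:
                reasons.append("Windows executable header under a non-program name")
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample():
    """Constructed sample archive: harmless placeholder bytes, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("statement.pdf", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.pdf", b"%PDF-1.4\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in inspect_zip(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

Because Windows hides known file extensions by default, a name like the first sample entry is displayed without its final extension, which is why the check works on the full stored name and on the file's first bytes rather than on what the user sees.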
Will People Notice They Are Infected?
No. Computers infected with CryptoLocker may initially show no outward signs of infection; this is because it often takes many hours for the malware to encrypt all of the files on the victim’s PC and attached or networked drives. The only way to truly see remnants of the program is to go into Task Manager, where you will see several strangely named programs running alongside your standard ones. If you have a slow computer, you might notice it slow down more than normal.
What Does CryptoLocker Do When You Get Infected?
Shortly after Cryptolocker becomes active on your system, it makes a secure connection over your Internet connection to a remote Cryptolocker server (in a way that makes it very difficult to track where the server is), and a very secure pair of cryptographic keys is then generated. The first of these keys is called a PUBLIC KEY; this key is sent back to the infected computer and used to encrypt and lock up all your data.
Files found on your cloud-based drives like Dropbox and Google Drive, shared network drives, connected external hard drives, thumb drives, memory cards, and finally local document files like Word, Excel, and Powerpoint, along with all of your videos and photos, will be encrypted on your computer and unusable unless you have the second of these keys, called a PRIVATE KEY. This key stays on the Cryptolocker server until you pay the ransom (usually it is 300 USD), so without it you will not be able to open or decrypt any of your data.
So, anyone who is not willing to pay the ransom and does not have a backup copy of their files that is NOT currently attached to their computer is out of luck.
How Does The Ransom Payment Work?
Once Cryptolocker has finished encrypting your files, it will replace your current desktop background with a red warning message and pop up a CryptoLocker payment program window that prompts you to send a ransom of $300 USD, in the form of either Bitcoins or MoneyPak vouchers, to pay for the PRIVATE KEY.
This payment program window will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete the PRIVATE KEY it has, and you will then not have any way to decrypt and access your files.
Why Is The Payment In Bitcoins or MoneyPak Vouchers?
Ransoms must be paid using either MoneyPak vouchers or Bitcoins because these two digital currencies are currently untrackable and untraceable – meaning you can’t find out the receiver of the money.
Will Your AntiVirus Detect It?
Yes, most current antivirus software programs should catch it if you are up to date and you have live or on-access scanning enabled. Even if you don’t have live scanning enabled and your antivirus does not detect it, you can install one that does, scan your system and remove it even while you are infected.
If you are in the market for a new antivirus I would recommend either of the following:
1. AVG Antivirus Free Edition (www.avg.com)
2. Bitdefender Antivirus Free Edition (www.bitdefender.com)
3. Malwarebytes Anti-Malware (www.malwarebytes.org)
One thing to keep in mind though, even if you remove Cryptolocker you will notice that all of your files will still remain encrypted and unusable. And since you just removed the only method of decrypting your files (online digital payment) you are now left with years of lost photos, documents, and videos. For some people who do not have an offsite copy of their files (meaning a copy that is not currently attached to their computer) $300 does not seem too much.
What Can You Do If You Get Infected?
Fortunately, there are several options available to help against Cryptolocker:
- You will need to remove Cryptolocker either by updating your antivirus program or installing one that will detect and remove it. Again, either AVG, Bitdefender or Malwarebytes should take care of that.
- If you have backups that are not affected then you can rely on them.
- You can also use the System Protection/Restore or the File History option that is built right into Windows. In either of those cases you should be able to essentially roll your system or files back to a time when they were not affected, since Windows automatically creates previous versions of files and folders that have been modified since the last restore point was made. Typically, restore points are made on your computer once a day in the background without you noticing.
- You don’t want to give in to the ransom demands immediately, even if the warnings state that you should. That should always be your last resort.
How Can People Ensure That They Don’t Get Infected With Cryptolocker?
- Because this virus has been out for a while now, most malware and antivirus programs will detect it, so I would recommend making sure you keep those programs updated.
- Ensure your web browser plugins like Adobe Flash are kept updated.
- Also, you want to be very careful opening attachments, especially if the email says it’s from your bank. In most cases banks will not email you an attachment.
Getting Infected With Cryptolocker: