In short, CryptoLocker is ransomware: as the name suggests, it encrypts your documents and then holds you to ransom, because the only way to recover the files is to pay the people who did it for the key that decrypts them.

Some key facts:

  • Once your files are encrypted there is no way to decrypt them without the private key, which is held only by the criminals, and the only way they offer to get it is to pay for it.
  • There is no guarantee that your files will be decrypted if you pay; these are criminals.
  • If you do pay, assume that any payment details you hand over will be sold on (or used directly) for further fraud. After all, they are criminals.

How CryptoLocker is getting in

The main route is an email with a Zip file attached. Inside the Zip is an executable; the user opens the Zip, double-clicks the file and runs the malware. These emails are frequently dressed up to look as though they come from a legitimate source such as Amazon, Apple or Adobe, which makes it easy for users to open them by mistake.

We have seen plenty of other emails along the lines of "your mobile phone order is ready" or some other delivery being on its way. Every one of them has carried a Zip file, so it is likely that they are delivering the same malware.

We have also seen cases where what looked like a PDF attachment was in fact the executable itself. The file is given a PDF icon and a double extension, for example invoice.pdf.exe; because Windows hides known file extensions by default, it is displayed as invoice.pdf, and double-clicking it runs the program and infects the machine.
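As an added example (not part of the original article, and not code from the CryptoLocker authors or from any mail product), the following Python script shows the check a mail gateway, or a cautious user, can apply to a Zip attachment before anyone double-clicks its contents. It flags members with an extension Windows will execute, members whose document-looking extension sits in front of an executable one, and members whose bytes carry a Windows PE header regardless of what they are named. The Zip it scans is constructed inline; the member names and the minimal PE header are assumptions for illustration.

```python
import io
import zipfile

# Extensions Windows runs directly on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions the lure names imitate to look like documents.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def is_pe(data: bytes) -> bool:
    """True if data carries a Windows PE header: 'MZ' at offset 0 and
    'PE\\0\\0' at the offset stored in e_lfanew (bytes 0x3C..0x3F)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_off:pe_off + 4] == b"PE\0\0"


def extensions(name: str) -> list:
    """All dotted suffixes of the file name, lower-cased,
    e.g. 'Order.PDF.exe' -> ['.pdf', '.exe']."""
    base = name.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    return ["." + p for p in parts[1:]]


def displayed_name(name: str) -> str:
    """What Explorer shows with 'Hide extensions for known file types'
    switched on (the Windows default): the last extension is dropped."""
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[0] if "." in base else base


def assess_member(name: str, data: bytes) -> list:
    """Reasons this Zip member should be treated as a likely malware dropper."""
    reasons = []
    exts = extensions(name)
    pe = is_pe(data)
    if exts and exts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension %s" % exts[-1])
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and exts[-1] in EXECUTABLE_EXTS:
        reasons.append("double extension; Explorer shows it as %s" % displayed_name(name))
    if pe and (not exts or exts[-1] not in EXECUTABLE_EXTS):
        reasons.append("PE executable content behind a non-executable name")
    elif pe:
        reasons.append("PE executable content")
    return reasons


def scan_zip(blob: bytes) -> dict:
    """Map each suspicious member name to its list of reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = assess_member(info.filename, zf.read(info.filename))
            if reasons:
                findings[info.filename] = reasons
    return findings


# --- constructed sample input (not a real attachment) ---------------------

def fake_pe() -> bytes:
    """Smallest byte string is_pe() accepts: a DOS header with e_lfanew = 0x40
    followed by the 'PE\\0\\0' signature. Not a runnable program."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3A)   # 0x3C bytes of DOS header
    hdr += (0x40).to_bytes(4, "little")       # e_lfanew -> PE signature offset
    hdr += b"PE\0\0" + b"\0" * 16             # PE signature plus padding
    return bytes(hdr)


def build_sample_zip() -> bytes:
    """A Zip shaped like the lures described above (names are assumptions)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Order_Details.pdf.exe", fake_pe())          # classic lure
        zf.writestr("invoice.pdf", fake_pe())                    # PE bytes, document name
        zf.writestr("notes.scr", b"plain text")                  # screensaver ext, no PE
        zf.writestr("shipping.txt", b"Your order is on its way\n")  # benign
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample_zip()).items():
        print("%-25s %s" % (member, "; ".join(reasons)))
```

The content check matters as much as the name check: renaming a program to invoice.pdf defeats an extension filter, but the MZ/PE header is still there, and a Zip whose only "document" is a PE file has no business in an inbox.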

Up front precautions

Keeping your network up to date with Microsoft patches and anti-virus signatures is very important, but even a fully up-to-date network is not guaranteed to be ahead of the criminals: the malware is continuously repackaged, so the latest version is often not yet recognised by the anti-virus.

NEVER EVER open a Zip file unless it is from someone you know and it is something you are expecting at that particular time. Even if the email is from someone you know and expect, if it reads strangely for that person, ring them up and check: the way an email is written is often a very telling factor.

If you work with Zip files regularly then you must make sure your machine is completely up to date with patches and anti-virus signatures, as the risk of accidentally opening an infected one is clearly higher.

With so many more mobile devices being used in business it is very difficult to keep track of everything and to make sure every device is covered by scanning and monitoring, so most networks will have some weaknesses regardless of how diligent you are.

An up-to-date backup is your only real defence

The golden rule, and the only real answer to CryptoLocker and other ransomware, is an up-to-date backup of your data. A machine can be cleaned and re-protected, but without the key to decrypt the locked files the data on it is gone for good. Bear in mind that CryptoLocker also encrypts files on mapped network drives and attached USB disks, so a backup that is permanently connected to the infected machine as a drive letter will be encrypted along with everything else: the backup needs to be offline or otherwise out of reach of the machine, and you should check that you can actually restore from it. If you have such a backup then we can simply restore the data to a clean machine, and while that is a total pain and time consuming it is far better than the alternative.

