CryptoLocker - Dangerous ransomware

What is CryptoLocker?

CryptoLocker is malicious software that encrypts your data files (Word, PowerPoint, pictures, music, videos, etc.). The people behind it then hold your data for ransom and try to extort money from you.

What computers are at risk?

All computers using Windows XP 2, Vista, 7, 8 and 8.1. This includes any Apple or Linux-based computers running Windows in a virtual environment like Boot Camp, Parallels or VMware.

What is encryption?

Encryption encodes your data so that only you and authorized people or authorized websites can read it. For example, when you use a banking website that has “https” in the address bar, the information you transmit to and from that website is encrypted/encoded.

Why is it dangerous?

The encryption designed to safeguard your data is used against you when CryptoLocker infects your computer. Your data files are encrypted with a unique key that only the malicious people/hackers have access to. Encryption cannot be broken at this point in time without the key. When your data is encrypted and the key is lost, the data is essentially lost forever.

How can I protect my data?

  1. Back up your data to another location (network drive, external hard drive, cloud storage, etc.)
    1. Disconnect that drive when you are NOT backing up your data to it.
  2. Consider paying for an online backup solution.
  3. Disconnect all drives that you are not actively using.

What if I think my computer is infected?

  1. Disconnect the computer immediately from ALL networks, wired or wireless.
  2. Contact the proper IT support group.

How can I avoid the malware infection?

  1. Don't go to online porn sites, which are often the source of malware downloads. 
  2. Take care when clicking on adverts; never open Twitter links and attachments from people you don't know or trust.
  3. Personally owned computers - 
    1. Download and run the CryptoPrevent tool - http://www.foolishIT.com/download/cryptoprevent/ 
    2. More info about that tool can be found here - http://www.foolishIT.com/vb6-projects/cryptoprevent/
  4. Do not download files from torrent services. These files are often bundled with malware.
  5. Use safe web browsing habits - http://oregonstate.edu/helpdocs/safety-and-security/computer-viruses-fraud/safe-browsing-habits

How can I protect my computer?

  1. Make sure your operating system is up-to-date with the latest security patches. http://oregonstate.edu/helpdocs/safety-and-security/securing-your-computer
  2. Install the latest versions of your internet browsers and update add-ons such as Java and Adobe Flash. Using a program like Secunia PSI to keep up with those updates is useful.
  3. We suggest installing antivirus software, like ClamXAV for Mac OS and Windows Defender / Security Essentials for Windows, all available for free. Ensure that it is updated frequently. Configure it to scan your computer on a weekly basis.
    1. Personal computers - http://oregonstate.edu/helpdocs/software/recommended-software/symantec-endpoint-protection
    2. OSU owned work computers are supported by IT staff. If you have questions about that, please contact your IT support group.

Other sources of helpful information about CryptoLocker

  1. http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information 
  2. http://en.wikipedia.org/wiki/CryptoLocker
  3. Kaspersky Virus Removal Tool, available from the following page (requires a request form): http://www.kaspersky.com/free-virus-removal-tool
  4. Test tool from BleepingComputer, which checks your files to see if they have been encrypted: http://download.bleepingcomputer.com/grinler/ListCrilock.exe