CryptoLocker Malware Advisory

CryptoLocker is a type of malicious software known as ransomware. Other ransomware may appear to "freeze" your computer until you pay a fee, typically with a credit card, but CryptoLocker is different. It actually encrypts the user's files (Office documents, PDFs, pictures, etc.) using strong public key encryption, and then stores the private key required to decrypt the files on a remote server controlled by the attacker.

The malware then usually gives the user a short time period (e.g., 72 hours) to pay for the key. There are cases where the payment has been accepted and the files were then decrypted, but there are also reports of files not being decrypted after payment. Regardless, providing credit card information to cyber criminals is not a recommended course for affected users.

Key points surrounding CryptoLocker malware:

1. The private key required to decrypt files is unique to each infected computer, so you can't just use another person's key to decrypt your files.

2. The fee is typically $300 or EUR 300, and the forms of payment requested vary from Bitcoin to credit card.

3. You probably won't know you have this malware until after it has encrypted your files.

4. If CryptoLocker is running and has already displayed its payment demand page, you can still remove it, but removing it (even with antivirus software) will not decrypt files that have already been encrypted.

5. Cyber crime groups are enjoying great success with CryptoLocker. Because of this, many groups are using other malware they already have installed on compromised systems to push out CryptoLocker as well.

6. CryptoLocker also searches drives and network shares attached to your computer for additional files to encrypt.

7. This malware is currently only known to infect Windows systems.
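Because an encrypted document keeps its file name but loses the fixed header its format normally starts with, a defender can find affected files by comparing each document's extension with its leading bytes and checking whether the contents look random. The following is an added example written for this advisory, not code from the original page or from any vendor; the file names and sample contents are constructed.

```python
import math
import tempfile
from pathlib import Path

# Leading bytes ("magic numbers") of common user-document types; a document
# encrypted in place keeps its name but loses this header.
MAGIC = {
    ".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain documents sit well below 8, ciphertext approaches 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def suspicious_files(root, entropy_threshold=7.5, sample=4096):
    """(path, entropy) for documents with a wrong header AND random-looking bytes."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        expected = MAGIC.get(path.suffix.lower())
        if not path.is_file() or expected is None:
            continue
        with path.open("rb") as f:
            head = f.read(sample)
        if head.startswith(expected):
            continue  # header intact: file is still a real document
        entropy = shannon_entropy(head)
        if entropy >= entropy_threshold:  # a low-entropy mismatch is likely just misnamed
            hits.append((str(path), round(entropy, 2)))
    return hits

def make_demo():
    root = Path(tempfile.mkdtemp(prefix="cl_demo_"))
    # Constructed sample files; the ciphertext stand-in has every byte value
    # exactly 16 times, so its entropy is 8.0 bits/byte like real cipher output.
    fake_ciphertext = bytes((i * 7919) % 256 for i in range(4096))
    samples = {
        "invoice.pdf": b"%PDF-1.4\n" + b"plain page text\n" * 40,  # intact
        "slides.docx": b"PK\x03\x04" + b"\x00" * 200,              # intact
        "report.docx": fake_ciphertext,                            # "encrypted"
        "holiday.jpg": fake_ciphertext,                            # "encrypted"
    }
    for name, content in samples.items():
        (root / name).write_bytes(content)
    return suspicious_files(root)
```

Run against a user's document folders or a file server share, this flags the two "encrypted" files and leaves the intact ones alone; compressed formats such as JPEG and DOCX also have high entropy, which is why the header check, not entropy alone, drives the decision.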

SO WHAT DO I DO NOW?

CryptoLocker is not terribly sophisticated malware, but it is effective. There are some simple steps all computer users should take to protect themselves from this threat and any other threats from malicious software in the future.


First, keep regular backups of your important files. If you can, store your backups offline on an external drive, from which they can be easily restored in the future. Remember, backing up to a cloud provider like Dropbox may not protect you if CryptoLocker was able to access that synced directory on your compromised system, since the encrypted versions of your files will be synced up in place of the originals.

Second, use an anti-virus product and keep it up to date. In particular, Dartmouth provides Symantec antivirus software for free. The most current updates of this software provide protection against known variants of CryptoLocker and can keep the malicious software from ever installing on your system.

Finally, keep your operating system and software up to date with patches, and patch routinely. Unpatched software provides the vulnerabilities that allow attackers to install and execute malicious software like this. A little prevention can save you a lot of grief. If you have any other questions about the issues presented here, please do not hesitate to contact the Helpdesk.
