CryptoLocker is not a regular computer virus which infects your computer and causes inconvenience. Instead, CryptoLocker encrypts your personal files and then demands a ransom to unlock them.

Created by criminal organisations, CryptoLocker is extremely aggressive in nature and is spreading increasingly fast among computers running Windows XP, Vista and 7.

Originating in the US, CryptoLocker spreads into a user’s computer via an email that appears to be a tracking notification from UPS or FedEx. Users who open the email and download the file enable CryptoLocker to infect their computer.

Although it sounds foolhardy to download the file, it is easily mistaken for a legitimate file because it has the double extension .pdf.exe, and many people are tricked. It is no accident that this virus originated in September 2013, only a few months before Christmas. With many people shopping online before and after the festive season, it is easy to lower your guard if you believe the email to be from an online shopping company.

Once CryptoLocker infects your computer, it encrypts all of the user’s personal files, including photos, videos and documents. It gives the user four days to pay a ransom, the value of which depends on whether the computer belongs to a business, a government or a private user. (There have been cases of US$100,000 ransoms.)


Ransoms are paid through MoneyPak or Bitcoin, and so transactions are very difficult to track. As such, the criminals behind CryptoLocker have not been traced.

After four days, the user’s files will be destroyed and unrecoverable.

As this virus is relatively new, there are not many methods to prevent or remove CryptoLocker.

Experts say the best way to prevent CryptoLocker from infecting your computer is to regularly back up important files and keep your antivirus up to date.

Some clever people have developed free tools to shut down CryptoLocker before it starts. One such tool is CryptoPrevent, which prevents a computer from downloading double-extension files in the first place.
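The double-extension disguise described above (.pdf.exe) can be checked for mechanically, for instance on attachment names before they reach a user. The Python below is an added example, not part of the original article and not CryptoPrevent's own code; the extension lists, function names and sample file names are constructed assumptions.

```python
import re

# Assumed lists for this example; extend them to match local policy.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def normalise(name: str) -> str:
    """Reduce a path or attachment name to the file name Windows would act on."""
    base = re.split(r"[\\/]", name)[-1]
    # Windows drops trailing dots and spaces when it resolves a file name,
    # so "a.pdf.exe " still runs as an executable.
    return base.rstrip(". ").lower()


def is_double_extension(name: str) -> bool:
    """True when a document-style extension is followed by an executable one."""
    parts = normalise(name).split(".")
    if len(parts) < 3:  # need name + decoy extension + real extension
        return False
    # strip() catches padding used to push the real extension out of view,
    # e.g. "label.pdf          .exe".
    decoy, final = parts[-2].strip(), parts[-1].strip()
    return final in EXEC_EXTS and decoy in DECOY_EXTS


def flag_attachments(names):
    """Return the names that should be quarantined or blocked."""
    return [n for n in names if is_double_extension(n)]


# Constructed sample attachment names, not taken from real messages.
SAMPLE = [
    "Tracking_Notification.pdf.exe",
    "invoice.PDF.EXE ",
    r"C:\Users\a\Downloads\FedEx_label.doc.scr",
    "label.pdf          .exe",
    "report.v2.pdf",
    "setup.exe",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for hit in flag_attachments(SAMPLE):
        print("BLOCK:", repr(hit))
```

A plain `setup.exe` is deliberately not flagged here: the check targets the disguise, and blocking all executables is a separate policy decision.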

If CryptoLocker infects your computer, there are some tactics you can try. First of all, you should disconnect your computer from the internet and turn it off. The virus explicitly tells users not to do this, but you must remember it was written by criminals, who lie to take advantage of people.

Unplugging your computer could very well save files that have not yet been encrypted.

Once you have done this, you can try restoring your system using Windows System Restore, which restores your computer to a predetermined date, thereby removing the virus. Unfortunately, files that have been encrypted will remain inaccessible. The only way to get these files back is to restore them from a backup.

Beyond that, there are no other effective options for users apart from paying the ransom. Previous victims have stated that paying the ransom works and their files are restored. However, experts advise against this, as it encourages copycat viruses which will almost certainly be worse than CryptoLocker.

One thing is for sure: once the ransom is paid, the money is gone forever.

With this in mind it is worthwhile to inform colleagues, family and friends about this virus and to ensure it doesn’t infect your business or personal life.

Hayden McMaster