Saturday, October 12, 2013

CryptoLocker Ransomware


CryptoLocker is one nasty piece of malware! 

To put it simply, CryptoLocker encrypts the files on the computer and holds them for ransom.  There is only one private key that can decrypt the files encrypted with the public key, and it is stored on a secret server with a time bomb set to destroy the key if the ransom isn't paid by the deadline.  Depending on the version, the ransom is $100 to $300, with a payment deadline of roughly 72 to 100 hours.

Techies interested in "deep dive" information on CryptoLocker are encouraged to see the additional references below.

Update:  Grinler published a comprehensive CryptoLocker Guide and FAQ, added to the references below.  (15OCT2013)

Update 2:  Grinler's guide has been updated with new information. Of particular interest is the information about CryptoPrevent.

CryptoPrevent is a free utility by FoolishIT LLC that automatically adds the suggested Software Restriction Policy Path Rules (listed in the guide) to your computer. The added Software Restriction Policies are intended to prevent CryptoLocker and Zbot from being executed in the first place.  (21OCT2013)

Cure

The trojan can be removed from the computer but, other than paying the ransom (not recommended), there is no known way of recovering access to the encrypted files.

The reason it is not recommended that the ransom be paid is that there have been reported instances of the ransom being paid but the decryption key did not work.

As pointed out by "Grinler" in his forum post in the Cryptolocker Hijack program discussion at Bleeping Computer, the only reliable recovery is System Restore or reliable backups.  In the unfortunate event your computer does get infected with CryptoLocker, Grinler's post includes instructions on "How to restore your encrypted files from Shadow Volume Copies".

Prevention

  • Keep your computer updated (antivirus software as well as both Microsoft security and third-party programs).  
  • Be extra cautious about email attachments.  
  • Review critical files and store offline backups of anything that cannot be replaced.  
  • If you are in a position to do so, purchase a Malwarebytes Anti-Malware PRO license for the malware execution prevention and blocking of malware sites and servers that it provides.  A license is currently a one-time fee of $24.95 for one computer.

Additional Information
