1-Fix Limited

CryptoLocker – the biggest threat this year?

Many of you reading this may well not have heard of a new virus called CryptoLocker. It's a new development of the now fairly familiar 'ransomware' family of threats, such as the Met Police virus or the FBI virus.

Like other ransomware, CryptoLocker infects your PC and asks for payment to remove it and its effects. However, unlike other ransomware, CryptoLocker has a very nasty trick up its sleeve.

When CryptoLocker infects your machine, it doesn’t immediately make a song and dance about it. What it does do is set to work silently encrypting all of the important documents, pictures and work files on your computer. In effect, the files are scrambled.
Once all your files have been encrypted, CryptoLocker makes itself known to you by demanding a payment (ransom) to release the encryption key to you and decrypt your files.

The sign you’ve already been encrypted

If you, we, or anyone else remove the CryptoLocker virus without paying the ransom, you'll need to bring all of your crucial files back from a backup.

CryptoLocker gives you 72 hours to pay, or else your encryption key is removed from their server. Say goodbye to your data.
They do offer an option to make a payment up to 10 days after infection, but the price jumps to around £2.5k!

Who is at risk?

Everyone. Corporate environments have a big risk exposure to CryptoLocker as it will encrypt not only local documents but also any files on shared (mapped) network drives.

It will also encrypt files on USB hard disk drives and memory sticks, so if you keep work or backups on drives that are regularly plugged into your computer, these are at risk if you get hit by CryptoLocker.

So, what can you do about it?

If you’ve already been infected you need to make a serious decision on whether to pay the ransom or recover from a backup. If you don’t have a backup, then the ransom may be your only option.

If you've not been hit yet, get yourself protected. The free tool, HitmanPro Alert, will stop CryptoLocker from being able to encrypt your files. It will also warn you if your online banking session gets hijacked or if you're running a number of other nasty Trojans. We are installing this as standard on all client machines we support or that come into our workshop. You can download it here:
http://www.surfright.nl/en/cryptoguard

It's also a great time to check that your backups are working, and that they aren't liable to attack from CryptoLocker (if your backup drive is always connected to your computer, consider setting up a second backup that is removed regularly). Cloud backup is also an option, as CryptoLocker can't attack this, although shared cloud storage that appears as a drive, such as Dropbox, may be vulnerable.

If you're worried, give us a call and we'll make sure you're as protected as possible.

Replies

Tony replied on 23/11/2013

Thanks Craig,

CryptoLocker can definitely get to your Dropbox files – because there is a copy on your hard drive. Then, because the files have changed, they will synchronise to the cloud. Then, because the cloud versions are newer than the ones on the computers of people with whom they're shared, the encrypted files will be downloaded to these people's PCs.

We can but hope that the people who wrote this trojan will be traced and spend many years in prison.

Craig Atkins replied on 23/11/2013

Hi Tony – yes, I thought that was the case. The virus itself seeks out any documents with the following extensions:
3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

So that’s most major document formats, plus some more obscure corporate files too…
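Pulling together the mapped-drive and backup warning in the post and the extension list in Craig's reply, here is an added defender-side check that is not part of the original post or its comments: it walks a folder or mapped drive and flags files with those extensions that were rewritten within the last hour and no longer start with the header their type should carry. The header table, the 7.5 bits-per-byte entropy threshold and the sample file tree are assumptions constructed for this demo.

```python
import math, os, tempfile, time
from collections import Counter
from pathlib import Path
# Extensions quoted in Craig's reply above.
TARGET_EXTS = set("""3fr accdb ai arw bay cdr cer cr2 crt crw dbf dcr der dng doc docm docx
dwg dxf dxg eps erf indd jpe jpg kdc mdb mdf mef mrw nef nrw odb odm odp ods odt orf p12
p7b p7c pdd pef pem pfx ppt pptm pptx psd pst ptx r3d raf raw rtf rw2 rwl srf srw wb2 wpd
wps xlk xls xlsb xlsm xlsx""".split())
# Bytes a healthy file of that type starts with (a few common formats only; assumed table).
MAGIC = dict.fromkeys(["docx", "xlsx", "pptx", "odt", "ods", "odp"], b"PK\x03\x04")
MAGIC.update(dict.fromkeys(["doc", "xls", "ppt"], b"\xd0\xcf\x11\xe0"),
             jpg=b"\xff\xd8\xff", jpe=b"\xff\xd8\xff", psd=b"8BPS", rtf=b"{\\rtf")

def shannon_entropy(data: bytes) -> float:  # bits per byte; ciphertext ~8.0, document text far lower
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_encrypted(ext: str, head: bytes) -> bool:
    """Known type with its header gone, or unknown type whose leading bytes look random."""
    if ext in MAGIC:
        return not head.startswith(MAGIC[ext])
    return shannon_entropy(head) >= 7.5

def scan_recent_rewrites(root, window_s=3600, sample=4096, now=None):
    """Paths of targeted files rewritten within window_s that no longer look like their type."""
    now = time.time() if now is None else now
    suspects = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            path = os.path.join(dirpath, name)
            if ext not in TARGET_EXTS or now - os.path.getmtime(path) > window_s:
                continue  # wrong type, or not touched recently (not part of a burst)
            with open(path, "rb") as f:
                if looks_encrypted(ext, f.read(sample)):
                    suspects.append(path)
    return suspects

def demo():
    """Constructed sample tree (not real victim data); returns the basenames flagged."""
    root = tempfile.mkdtemp(prefix="cl_demo_")
    noise = bytes(range(256)) * 16  # 4 KiB at maximum entropy, standing in for ciphertext
    files = {"report.docx": b"PK\x03\x04" + b"A" * 2000,  # healthy OOXML header: fine
             "scan.jpg": noise, "notes.txt": noise,       # header gone: flagged; .txt not targeted
             "old.rtf": noise}                            # scrambled but a week old: outside window
    for name, data in files.items():
        Path(root, name).write_bytes(data)
    week_ago = time.time() - 7 * 86400
    os.utime(Path(root, "old.rtf"), (week_ago, week_ago))
    return sorted(os.path.basename(p) for p in scan_recent_rewrites(root))
```

The entropy fallback will misfire on types that are compressed by design (camera raw formats such as cr2 or nef), so extend MAGIC with their real headers before relying on it across a whole share.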
