CryptoLocker is a new Ransomware virus going around that is encrypting user documents and then demanding payment to decrypt these.
How it works
It is using public/private key encryption where it encrypts the users data using RSA-2048 encryption with a public key. The private key, that decrypts the data, is stored on a remote server accessed by the CryptoLocker virus from the infected PC. A demand is then made for payment from the user for the private key so they can decrypt the data.
A screenshot of PC infected with CryptoLocker
How can it get on your PC?
The CryptoLocker virus, like any other Malware, uses vulnerabilities and security weaknesses to infect PCs. These can be in the form of emails containing infected attachments, websites that have been compromised, files downloaded from the internet from untrusted sources or through existing malware infections on your PC using botnets.
What can you do to prevent infection?
There are measures you can take to minimise the risk of infection which include:
1. Do not open attachments in emails if you do not know the sender or are not sure the attachment is from a trusted source.
2. Do not click links to websites in emails or other programs if you are unsure the link so from a trusted person or are not sure where the link will go.
3. Ensure your anti-virus program is up to date and performing regular scans. Weekly scans are the best balance between security and functionality.
4. Perform periodic scans with anti-malware programs such as Malware Bytes Anti-Malware. This will pick up possible malware infections that your anti-virus software may miss.
How can you recover from a CryptoLocker?
There are various methods posted on the internet for removing and recovering from the CryptoLocker virus which include using anti-virus and anti-malware programs, system restore and backups. If you have been infected or just want someone to check please contact TLP Technology and we will be happy to help.
There are various things you can do to aid recovery from not only the CrytpoLocker infection but other infections, operating system problems and general data loss:
1. Ensure Windows System Protection is configured and running to allow your system to be restored to a previous state before the problems occurred and allow you to restore previous versions of your data.
2. Although System Protection allows you to revert to previous versions of your data files nothing can substitute an offline backup so ensure you have adequate backup procedures in place, whether on your server or your local PC. Any data you have is vulnerable unless it is backed up.
3. If any warnings pop up in your anti-virus program complete a full scan immediately and remove any infections. If you have IT support contact them and ask them to carry out the scan to check your PC is clean.
If you are in doubt about any of the above or just want some reassurance, please contact TLP Technology and we will be happy to ensure you are as well protected as possible to minimise the risk of infection and ensure swift recovery should the worst happen.