CryptoLocker is a ransomware trojan which surfaced in late 2013. Targeting Windows-based computers, it encrypts files stored on local hard drives and on mounted network drives using public-key cryptography, with the private key held only on the attackers' servers, and then displays a message saying that the files will be decrypted if a fee is paid through an anonymous payment service by a specified deadline, after which, the message claims, decryption is no longer possible.
How the threat gets in:
SophosLabs reports two main infection vectors: via email attachments and via botnets.
Email attacks are fairly easy to avoid: take care with attachments you weren’t expecting, or from people you don’t know well.
Infection via a botnet is a little different, since the crooks are using the fact that you are already infected with malware as a way to infect you with yet more malware.
That's because most bots, or zombies, once active on your computer, include a general-purpose "upgrade" command that lets the crooks update, replace, or add to the malware already on your PC, so an existing infection is a ready-made delivery channel for CryptoLocker.
So take our advice: make it your task today to search out and destroy any malware already on your computer, lest it dig you in deeper still.
What you can do:
Take this story as a warning, and don’t forget that there are many other ways you could lose your files forever.
For example, you could drop your laptop in the harbour (it happens!); a thief could run off with your computer (it happens!); or you could entrust your files to a cloud service that suddenly shuts down (it happens!).
The endgame is the same in all cases: if you have a reliable and recent backup, you’ll have a good chance of recovering without too much trouble.
Prevention, in this case, is significantly better than cure:
Stay patched. Keep your operating system and software up to date.
Make sure your anti-virus is active and up to date.
Avoid opening attachments you weren’t expecting, or from people you don’t know well.
Make regular backups, and store them somewhere safe, preferably offline.
Don't forget that services that automatically synchronise your data changes with other servers, for example in the cloud, don't count as backup.
They may be extremely useful, but they tend to propagate errors rather than to defend against them.
To the synchroniser, a document on your local drive that has just been scrambled by CryptoLocker is simply the most recent version, so that is the copy it pushes everywhere else, and the good copy is gone.
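To make the difference concrete, here is an added example (written for this page, not code from the original article or from Sophos) that simulates both behaviours side by side: a naive mirror-style sync where the latest copy always wins, and a versioned backup where every run writes a new snapshot into an append-only, content-addressed store. The "ransomware" step is a constructed stand-in (a repeating-key XOR on the file, which is not what CryptoLocker actually does); the file name, contents and directory layout are all assumptions made up for the demo.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def mirror_sync(src: Path, dst: Path) -> None:
    """Naive one-way sync, the way a cloud folder behaves: whatever is on the
    local disk now overwrites the remote copy. No history is kept."""
    for f in src.rglob("*"):
        if not f.is_file():
            continue
        target = dst / f.relative_to(src)
        target.parent.mkdir(parents=True, exist_ok=True)
        if not target.exists() or sha256_file(target) != sha256_file(f):
            shutil.copy2(f, target)


def snapshot_backup(src: Path, store: Path) -> int:
    """Versioned backup: file contents go into a content-addressed object store
    that is only ever appended to, and each run writes a new manifest mapping
    paths to object hashes. Returns the new snapshot number."""
    objects = store / "objects"
    snaps = store / "snapshots"
    objects.mkdir(parents=True, exist_ok=True)
    snaps.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for f in src.rglob("*"):
        if not f.is_file():
            continue
        digest = sha256_file(f)
        obj = objects / digest
        if not obj.exists():  # identical content is stored once, never overwritten
            shutil.copy2(f, obj)
        manifest[str(f.relative_to(src))] = digest
    snap_id = len(list(snaps.glob("*.json"))) + 1
    (snaps / f"{snap_id}.json").write_text(json.dumps(manifest))
    return snap_id


def restore_from_snapshot(store: Path, snap_id: int, relpath: str) -> bytes:
    """Return the bytes a file had at the time of the given snapshot."""
    manifest = json.loads((store / "snapshots" / f"{snap_id}.json").read_text())
    return (store / "objects" / manifest[relpath]).read_bytes()


def scramble_in_place(path: Path, key: bytes) -> None:
    """Constructed stand-in for the ransomware's encryption step: a repeating-key
    XOR over the file. Only here so the demo has something to 'encrypt' with."""
    data = path.read_bytes()
    path.write_bytes(bytes(b ^ key[i % len(key)] for i, b in enumerate(data)))


def demo() -> dict:
    """Run the scenario end to end in a temp directory and report which copies
    of the document survive intact after the 'infection'."""
    root = Path(tempfile.mkdtemp(prefix="cryptolocker-demo-"))
    docs, cloud, store = root / "docs", root / "cloud", root / "backup"
    docs.mkdir()
    report = docs / "report.txt"                               # assumed file name
    original = b"Q3 figures: revenue up 12%, headcount 48.\n"  # constructed sample
    report.write_bytes(original)

    mirror_sync(docs, cloud)                    # healthy state reaches the cloud
    snap_before = snapshot_backup(docs, store)  # ... and the versioned backup

    scramble_in_place(report, b"\x5a\xa5")      # the infection happens here
    mirror_sync(docs, cloud)                    # sync dutifully pushes the damage
    snapshot_backup(docs, store)                # backup adds a new snapshot only

    result = {
        "local_intact": report.read_bytes() == original,
        "cloud_intact": (cloud / "report.txt").read_bytes() == original,
        "backup_intact": restore_from_snapshot(store, snap_before, "report.txt") == original,
    }
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

The mirror ends up holding the scrambled bytes because, to the sync logic, that is simply the newest version; the snapshot store still has the pre-infection object because nothing in it is ever overwritten. One caveat the article's own warning implies: if that snapshot store sits on a mounted network drive, CryptoLocker can reach it just like any other mounted share, so the store has to be offline, or at least not writable, from the machine being protected.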