Cryptolocker Ransomware and what you need to know

The basics
The ransomware known as Cryptolocker has been prominent in the media lately, and it is one that we’re asked about often. Ransomware in general is nothing new; for several years we have been seeing ransomware that hijacked your desktop wallpaper and demanded payment. While the older ransomware was rather easily removed, Cryptolocker has taken ransomware to a new level. What Cryptolocker does is encrypt files (primarily document files, but also image files and other file types) on your computer and on any network drives that computer has access to, using a very strong encryption method, and then demand payment within a 72-hour time period in order to get the files decrypted. This works by using public key encryption, and there is no way to decrypt the encrypted files without paying the ransom for the private key.

What you can do to help prevent getting infected in the first place and minimize the damage
Run up-to-date security software such as Webroot SecureAnywhere. As with any malware, blocking it in the first place is the best defense.

Since Cryptolocker is typically installed through malicious email attachments, familiarize yourself (and your employees) with how to identify potentially malicious and suspicious emails. This will not just help protect against Cryptolocker; malicious attachments are a delivery method commonly used by all flavors of malware.

Isolate an infected computer from any network drives at the first sign of infection. Unplug the network cable or disable the wireless connection. This is especially important in Enterprise (Business) environments in order to help prevent files on network drives from being encrypted.

[Image: Cryptolocker window]

Cryptolocker is easily identified by its “Payment Countdown” window.

[Image: Cryptolocker desktop]

Some Cryptolocker variants also change your desktop background with additional information, in case your antivirus has removed the Cryptolocker files and you still wish to pay the ransom to recover your files.

Backup, backup, backup. You should be backing up your essential files anyway, and you could look at Cryptolocker as a brutal reminder why backups are so essential. Off-site or cloud backup is highly recommended, as off-site backup has long been an essential part of any Disaster Recovery Plan. If you are a home user backing up to a removable drive, be sure to disconnect it when not in use since Cryptolocker can encrypt your backup files on the external drive.

Other Webroot resources on Cryptolocker

http://images.saas.webroot.com/Web/Webroot/%7bd4d3ba36-c6b8-43f7-944e-19c486dbcd31%7d_Cryptolocker.pdf

https://community.webroot.com/t5/Webroot-Education/CryptoLocker-Malware-What-you-still-need-to-know/ta-p/69057#.Up5vpsRDt1Z

About the Author

Name: Grayson Milbourne

Grayson Milbourne is the Security Intelligence Director for Internet security company Webroot. Over the past nine years Milbourne has worked in various areas of the company, spending the past seven years focused on threat analysis. His areas of security intelligence expertise range from mobile to reversing to automation to cloud security. Grayson is also an avid participant in the security community and drives awareness of current threats by speaking at major events such as RSA and Virus Bulletin. Most recently, Grayson has been focusing on the growth of mobile malware and the risks associated with BYOD. Additionally, he writes and provides technical review for the Webroot blog.