Friday, November 22, 2013

Beware of CryptoLocker!



I work in the field of IT security, and even I can be surprised by the creativity and ingenuity of attackers looking to make a quick dollar. Enter CryptoLocker, a particularly nasty piece of malware that encrypts Windows-based files on both network drives and local file systems. The strong encryption used makes it virtually impossible for people to recover their data unless they follow the instructions provided by the attackers, who ask for money in exchange for the decryption key.

Victims of this ransomware usually experience the infection when unknown email attachments are opened, or through infections already present on the machine. Occasionally, it is installed via drive-by downloads. Word, Excel, PDF, and other daily-use file types (including pictures and movie files) are susceptible to this attack. The ransomware attackers then present a screen to their victims stating that they must pay $300 to receive the key, or their files will be deleted forever within 72 hours. Unfortunately, aside from losing $300, many times the decryption does not work and the files are lost anyway. This is a very good example of why people need to back up their critical files!

Anti-virus software has also been unable to prevent this malware from infecting machines, meaning even people who are diligent with their A/V software are vulnerable. The most common infections have come in through email attachments, but the malware has also piggybacked on existing malware, such as Zeus. The best way to prevent an infection in that case is to actively ensure your anti-virus is up to date and that it scans daily, so that these other Trojans are caught before they can install CryptoLocker.

Email attachments are something people have been warned against for years, yet this is still one of the most popular avenues for infecting machines. Phishing scams are a great way for attackers to hit hundreds of people at once, through specially crafted emails that look like they came from legitimate organizations. Always double check that any email you receive from a shipping organization, a bank, or any other common source is legitimate. Check the email return address to ensure that the domain is correct, and call the company to find out if what they are ‘selling’ is in fact true. Be aware of which company is shipping your packages so that you only pay attention to emails from them (and even then, scrutinize the content for accuracy before you click any attachments or links). Question your bank before you respond to an email to find out whether this is their normal process for conducting business.
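One way to automate the return-address check described above, as an added example that is not part of the original post: parse the From and Return-Path headers, and flag a message whose display name claims a known organization while the address domain does not belong to it. The organization names, domains and message text are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list (placeholder organizations and domains, not real ones):
# which sending domains each organization you actually deal with is known to use.
EXPECTED_SENDERS = {
    "Example Bank": {"example-bank.com"},
    "Example Shipping": {"example-shipping.com"},
}

# Constructed sample messages; only the headers matter for this check.
SUSPICIOUS_MAIL = """\
From: "Example Bank Customer Service" <alerts@examp1e-bank-secure.net>
Return-Path: <bounce@mailer-xyz.biz>
To: someone@home.example
Subject: Urgent: verify your account

Please open the attached statement.
"""

LEGIT_MAIL = """\
From: "Example Shipping" <notify@example-shipping.com>
Return-Path: <notify@example-shipping.com>
To: someone@home.example
Subject: Your package is on its way
"""

def sender_domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def check_sender(raw_message):
    """Return a list of warnings about the sender headers; [] means they look consistent."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = sender_domain(from_addr)
    _, return_addr = parseaddr(msg.get("Return-Path", ""))
    return_dom = sender_domain(return_addr)
    warnings = []
    # The display name claims an organization, but the domain is not one it uses.
    for org, domains in EXPECTED_SENDERS.items():
        if org.lower() in display_name.lower() and from_dom not in domains:
            warnings.append(f"display name claims {org!r} but From domain is {from_dom!r}")
    # Bounces go somewhere other than the claimed sender: common in bulk phishing.
    if return_dom and return_dom != from_dom:
        warnings.append(f"Return-Path domain {return_dom!r} differs from From domain {from_dom!r}")
    return warnings
```

Headers are trivially forgeable, so a clean result only means the lazy forgeries were not used; a mismatch is a reason to stop and call the company, as the post advises.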

CryptoLocker is a dangerous piece of malware, so protect yourself from it as best as you can. Imagine how it would feel to be locked out of your computer, potentially never accessing your important files again. Back up your data regularly, and unplug that backup from the network or computer when you are finished. This, along with current antivirus software and due diligence, is your best defense.
