CryptoLocker: Prevention and Preparation for the Worst
We recently had a computer in for removal of the CryptoLocker ransom trojan. This attack, which typically arrives as an email attachment or, in a newer version, via file sharing sites, encrypts all of your computer’s documents when the attachment is opened, and then demands payment to have them unlocked.
Unfortunately, we had to give our customer very bad news: that their files were no longer accessible. This is one of the first infections that cannot be reversed by traditional means: the trojan itself can be removed, but because of the strength of the encryption, the files stay locked. Once your files are encrypted, the only way to decrypt them is to pay the ransom, which may or may not work.
We don’t recommend this course of action. Instead, we recommend doing whatever you can to prevent getting the trojan in the first place, and to protect your data.
- Be sure to never open attachments in emails, unless you are sure they are from a trusted source AND you were expecting the attachment. Many newer infections rely on the trust you have with friends and family to get you to open them. You may have seen such viruses and malware spread via social networks. So be sure to confirm that the sender meant to give you the attachment in the first place.
- Be sure to back up your data regularly. CryptoLocker encrypts pictures, word processing documents, spreadsheets, and more.
Last year, we wrote an article about some of the options you have for backup. Please be sure to review it, and if you need assistance, feel free to call us. A backup won’t prevent the encryption process from happening if your computer is infected with CryptoLocker, but it will help you get your computer back on its feet afterward.