By now just about everyone has heard of CryptoLocker, a type of ransomware that encrypts your files; then, for a specific dollar amount, the sender will send you a code that unlocks them. Over the last six months we have seen the number of reported cases triple, and 64% of the reported cases were in the United States.
CryptoLocker, like other ransomware, is intelligent malware. It will actually change, learn and grow to avoid the anti-virus programs and filters set to catch it. The people who write it have simply refined the program's awareness, which makes it very difficult to track, trap and eliminate. CryptoLocker is spread primarily through email and through links or embedded links that come in through your email system. It can also be spread through outdated web browsers or outdated plugins.
If you think you have the CryptoLocker virus, one of the first things you should do is unplug or disconnect from your wired or wireless network; this will stop the virus from spreading any further. Unfortunately, at this time there is no way to decrypt files that have already been encrypted without paying. CryptoLocker uses a private key which can't be retrieved without paying the ransom, and a brute-force recovery of the key is not a realistic option because of the amount of time it would take to complete. At this point in time the only way to recover files without paying is from backup, assuming you have a good backup. Make sure that you recover these files to another location and not over the infected files.
Some basic rules to avoid getting infected with CryptoLocker:
• Always check the email sender and make sure that you know who is emailing you. Keep in mind, however, that spammers will sometimes spoof email addresses so that a message looks like it comes from someone you know.
• Double-check the content. For example, if someone states they are responding to your message, make sure that you actually sent them something.
• Email links: do not click on links that you get in email, and configure your browser to use link reputation to check the link.
• Always ensure that your software applications, operating systems and Internet browsers are up to date. There are no known versions of CryptoLocker that exploit these vulnerabilities; however, CryptoLocker is an intelligent virus, so better safe than sorry.
• Back up your important data. There is no known good tool to decrypt files once they are encrypted; utilize cloud-based backups such as XpressStor to help protect your files.
• Corporations should review their policies around email attachments and links, filter any executable files or zip files, and remove active links.
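The following Python script is an added example, not part of the original article. It shows attachment filtering of the kind the last rule describes: it checks a raw email for executable attachments, including ones inside a zip file or behind a double extension. The blocked-extension list, the sample addresses and the file names are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for this example; tune it to your own mail policy.
BLOCKED_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def is_blocked(name):
    """True if the name ends in a blocked extension, so invoice.pdf.exe is caught."""
    return name.lower().rstrip(". ").endswith(BLOCKED_EXT)

def scan_message(raw):
    """Return (attachment name, reason) findings for one raw email message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_blocked(name):
            findings.append((name, "executable attachment"))
        elif name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            # Look inside the archive: the name of the zip itself proves nothing.
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    inner = [n for n in zf.namelist() if is_blocked(n)]
            except zipfile.BadZipFile:
                findings.append((name, "unreadable zip"))
                continue
            findings.extend((name, "zip contains executable: " + n) for n in inner)
    return findings

def build_sample():
    """Constructed message: a zip holding a harmless text file named like a program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013.pdf.exe", "placeholder text, not a real program")
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "user@example.com"
    msg["Subject"] = "RE: your invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, reason in scan_message(build_sample()):
        print(attachment, "->", reason)
```

A mail gateway would quarantine or strip any attachment that produces a finding rather than only reporting it.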
There are some tools on the market that can help prevent CryptoLocker infection; one of them is CryptoPrevent. CryptoPrevent artificially implants group policy rules to block executables from running in certain areas of the registry. Some of these tools are free for individual and corporate use and could give you another layer of prevention. Keep in mind that nothing is 100%, so you will have to check for updates and make sure that you stay current on these tools as CryptoLocker evolves and learns.
The new CryptoLocker viruses have taken ransomware to a new level. Most infections can be prevented through simple education of users, but technology can certainly help. Companies should continue to harden their systems and manage their email and web surfing policies to ensure that we are catching as much of this in the technological net as possible. However, this is not a one-time thing. CryptoLocker viruses are intelligent: they change, they learn and they grow, so this is something that we have to pay attention to all the time. Anti-virus companies and companies that specialize in this type of thing expect the infection rate to continue to grow and the virus to evolve, so everyone has to be aware and vigilant to protect themselves.