What Is CryptoLocker?
CryptoLocker is a new family of ransomware which can lock up your computer so that you can’t use it until you have paid the ransom!
CryptoLocker is a ransomware trojan program that is spread by both malicious file attachments to email messages and via downloading malicious injected files from the Internet. For the most part, CryptoLocker is spreading via various phishing campaigns, including some from legitimate businesses, or through phony Federal Express or UPS tracking notifications.
It targets various Windows operating systems as well as others including Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10, Windows server operating systems as well as other operating systems such as those from Apple and encrypts your files so that you cannot open them without decrypting them via a key.
Removing CryptoLocker will not restore access to your encrypted files.
If CryptoLocker has already infected your computer, you will see a payment demand page, which upon payment will hopefully result in a key being sent to you to decrypt your files. You can remove the Trojan from your computer and clean up, but you will not be able to decrypt your scrambled files. Your files are unrecoverable without the key, so you may as well delete them.
Fortunately, CryptoLocker is not a virus (self-replicating malware), so it doesnt spread across your network by itself however once activated it is known to target shared files and therefore if you’re running a network then the whole network is at risk
In fact, every time you restart your computer, CryptoLocker makes changes to your registry and if you try to get around it by accessing your drive remotely, the virus will then encrypt the files on your both your fixed and remote drives.
One small plus is that the criminals don’t actually take your data they just leave it locked up where it was before, and offer to sell you the key.
Unfortunately, once the encryption of the files is complete, decryption is not feasible. To obtain the file specific Advanced Encryption Standard (AES) key to decrypt a file, you need the private RSA key (an algorithm for public key cryptography) corresponding to the RSA public key generated for the victim’s system by the command and control server. However, this key never leaves the command and control server, putting it out of reach of everyone except the attacker. The recommended solution is to scrub your hard drive and restore encrypted files from a backup.
As with any virus or malware, the way to avoid it is with safe browsing and e-mail habits. Specifically, in this case, be wary of e-mail from senders you don’t know and never open or download an attachment unless you’re sure you know what it is and that it’s safe. Be especially wary of unexpected email from postal/package services and dispute notifications. Source: https://www.fbi.gov/washingtondc/news-and-outreach/stories/cryptolocker-ransomware-encrypts-users-files
What is the best way to deal with Crytpolocker? Prevention!
Take steps to protect your valuable data to prevent infection in the first place. You should be doing this anyway as Cryptolocker is just one of many malicious tactics that cyber-criminals use.