Tech Tip of the Week: CryptoLocker, A New Threat to PCs
We have become aware of a serious new threat to computers running Microsoft Windows called “CryptoLocker.” Protection is in place on all Hampshire-owned PCs, but if you have a personally owned PC you should immediately take preventative measures.
How CryptoLocker is Spread
CryptoLocker is a threat to PCs running any version of Microsoft Windows. It is not a threat to computers running Mac OS.
CryptoLocker is “ransomware” that is spread primarily as an attachment to email. The CryptoLocker attachment would be detected by our mail server as dangerous and stripped from the message, so it will not reach any Hampshire inboxes. Other email providers may allow the attachment through, so if you use a third-party email account, exercise caution with attachments.
ESET Antivirus, which is installed on all Hampshire computers, would detect CryptoLocker if it tried to install itself. If you’re using a non-Hampshire PC you should check with your antivirus provider to see if it would protect you from CryptoLocker.
Some reports indicate that CryptoLocker may also occasionally be installed by visiting malicious websites. If this is true, it would bypass our mail server’s security layer but should still be caught by ESET.
What CryptoLocker Does
Once CryptoLocker is installed it begins to encrypt your computer’s data files. It does not give you any indication that this is being done. If you have mapped network drives or attached hard drives it will also encrypt files on those.
Once all of the files have been encrypted it will put up a notice informing you that you must pay $300 ($100 in previous versions) in order to decrypt your files, and give you a countdown timer. If you pay the ransom, reports indicate that the files will be decrypted; if you don’t pay, when the timer runs out you will lose the opportunity to decrypt.
Any files that are encrypted are lost unless you pay the ransom in order to get the decryption key. There is no way to decrypt the files without this key. There is no way to access the files unless they are decrypted.
What to Do if CryptoLocker Gets Installed
Once the ransom screen comes up, you are faced with a choice: pay the ransom or lose your files. If you have a backup of your files, see a computer technician to have the malware removed and files recovered from the backup. If you don’t have a backup you are stuck with a hard choice: pay the ransom or accept that your files are lost.
If you happen to catch it before it has finished encrypting your files, which you might notice if you try to open a document and are told that it is encrypted, you should immediately disconnect the computer from the wired or wireless network, shut the computer down, and take it to a professional.
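One way to look for that early sign across a whole folder, as an added example that is not part of the original tip: this Python script flags documents whose first bytes no longer match the signature their file extension implies. It assumes encrypted files keep their original names; the signature table, function names and sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Leading bytes ("magic numbers") that intact files of each type start with.
ZIP, OLE = b"PK\x03\x04", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
SIGNATURES = {
    ".pdf": [b"%PDF-"], ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
    ".docx": [ZIP], ".xlsx": [ZIP], ".pptx": [ZIP],
    ".doc": [OLE], ".xls": [OLE], ".ppt": [OLE],
}

def header_matches(path):
    """True/False for known extensions; None if type is unknown or file is empty."""
    sigs = SIGNATURES.get(path.suffix.lower())
    if sigs is None:
        return None
    with open(path, "rb") as f:
        head = f.read(8)
    if not head:
        return None
    return any(head.startswith(s) for s in sigs)

def scan(root):
    """Return files under root whose header does not fit their extension."""
    suspicious = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                if header_matches(p) is False:
                    suspicious.append(p)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return sorted(suspicious)

def demo():
    """Run the scan over constructed sample files in a temporary folder."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "report.pdf").write_bytes(b"%PDF-1.4\n")
        (Path(d) / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\0" * 16)
        # Constructed bytes standing in for ciphertext (not a real sample).
        (Path(d) / "thesis.docx").write_bytes(bytes(range(0x90, 0xD0)))
        (Path(d) / "notes.txt").write_bytes(b"plain text")  # no signature known
        return [p.name for p in scan(d)]

if __name__ == "__main__":
    print(demo())
```

A mismatch is only a hint (a renamed or damaged file triggers it too), but several mismatches appearing at once in your documents folder is a reason to disconnect and shut down as described above.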
By the time CryptoLocker announces that it is installed on your computer, your files are gone unless you pay the ransom. Because of this, preventative measures are critical.
- Do not open email attachments from unknown senders.
- Back up your files on a regular basis, and keep the backup drive disconnected when not active.
- Keep antivirus software active and up to date at all times.
- There is a tool that will inoculate your computer against CryptoLocker by blocking it from executing. If you have a personally owned computer we strongly recommend that you use this tool. It can be found, with instructions, at http://www.foolishit.com/vb6-projects/cryptoprevent/.
If you’d like to read more details about how CryptoLocker works, a reliable and thorough site is http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information.