CryptoLocker Ransomware: Pay $300 or Lose Your Data Forever
CryptoLocker is a new form of ransomware that encrypts most files on infected computers and demands that you pay the attackers in order to decrypt and recover your files.
This particular malware finds and encrypts files on shared network drives, USB drives, external hard drives, network file shares and even some cloud storage drives. If one computer on a network becomes infected, the whole network could also become infected.
By the time victims open their computer and see the image on the right, the malware has completely infected their computer and they are not able to access any of their files until they pay the ransom.
CryptoLocker encrypts files using asymmetric encryption. Asymmetric encryption uses two different keys, one for encrypting and one for decrypting messages. This allows the attackers to be the only ones who have the private key, while both sides know the public key.
CryptoLocker has mostly been spreading through fake emails that look like they come from legitimate businesses and through phony FedEx and UPS tracking notices. Some people have also noticed that it appeared on their computer after they were previously infected by another virus or malware. The operating systems that we have noticed being affected so far are Windows 8, Windows 7, Vista, and XP.
Most victims are told they have three days to pay the attacker through a third-party payment method (MoneyPak, Bitcoin). Some victims have claimed online that they paid the attackers and did not receive the promised decryption key. US-CERT and DHS encourage users and administrators experiencing a ransomware infection NOT to respond to extortion attempts by attempting payment and instead to report the incident to the FBI at the Internet Crime Complaint Center (IC3).
Orange County Computer recommends following the steps below in order to prevent this from happening to you:
- Do not follow unsolicited web links in email messages or submit any information to webpages reached through those links.
- Use caution when opening email attachments.
- Install an antivirus with an antispyware program and keep all updates current before opening emails and browsing the Internet.
- Perform regular backups of all systems.
- Secure open-share drives by only allowing connections from authorized users.
- Keep your operating system and software up-to-date with the latest patches.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
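For administrators who want to automate the first two precautions, the following added example (not part of the original article) flags messages that claim to come from FedEx or UPS but were sent from another domain, and attachments with executable or double extensions. The domain allowlist, the extension lists and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): the couriers' real sending domains and
# the attachment extensions treated as executable.
BRAND_DOMAINS = {"fedex": ("fedex.com",), "ups": ("ups.com",)}
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".js", ".vbs", ".bat", ".cmd")
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|jpg|txt)\.[a-z0-9]{2,4}$", re.I)

def triage(raw_message):
    """Return reasons a message looks like a phony courier notice."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    reasons = []
    for brand, domains in BRAND_DOMAINS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if re.search(rf"\b{brand}\b", claimed) and not genuine:
            reasons.append(f"claims {brand} but sent from {domain or 'unknown'}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            reasons.append(f"executable attachment: {name}")
        elif DOUBLE_EXT.search(name):
            reasons.append(f"double extension: {name}")
    return reasons

# Constructed sample messages (not real mail).
PHONY = """From: "FedEx Tracking" <notice@fedex-delivery.example>
Subject: FedEx tracking notice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your parcel could not be delivered. Print the attached label.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="label.pdf.exe"

AAAA
--b1--
"""
LEGIT = "From: UPS <pkginfo@ups.com>\nSubject: UPS update\n\nArrives tomorrow.\n"

if __name__ == "__main__":
    print(triage(PHONY))
    print(triage(LEGIT))
```

The From header can itself be forged, so an empty result is not proof that a message is legitimate; it only means these two checks found nothing.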
If your system has been infected by CryptoLocker, disconnect it from the Internet, turn the system off, and contact Orange County Computer immediately at 949-699-6619 or contact our Support Team via email.