Cryptolocker Ransomware – And what you can do about it

You may have heard of Cryptolocker or Ransomware.

If you haven’t then the chances are that you will soon enough, possibly the hard way.

What is it?

Ransomware is big business, and a major risk and potential expense to everybody who uses a Windows Computer. Ransomware is a program that will encrypt every file on your hard drive with a secret, personalised password which is known only to the people who wrote the program.

How do I get it?

Ransomware usually finds its’ way onto a victim’s computer (or computers) by way of an email opened by an unsuspecting user. The emails can sometimes be crude and easily picked as a spam-type message, but the ransomers are constantly getting more professional, and emails seen recently have looked 100% authentic – even directing users to a legitimate looking website address to collect their own little “bomb” instead of attaching the payload. Unfortunately, the software is constantly being developed and additional weaknesses exploited. For example, a recent variant can make it’s way to you via files shared to you on Dropbox.

Which types of files are affected?

The program attacks ALL types of data files – word processing documents, spreadsheets, powerpoints – even all your photos! The program will look for files all over your hard drive(s), any attached USB or Network device (like a NAS), even your cloud storage like Dropbox or Drive.

What does it do to my files?

Your files will be encrypted, often even the filenames and extensions are changed. You will be unable to open or read any of your files unless you take corrective action – read on.

What can I do if I get it?

You have three (practical) choices.
  1. Pay the Ransomware. Remember you are dealing with thieves here. You may get your data back, you may not. The process will involve making an untraceable payment via an electronic currency such as Bitcoin. This can be a whole adventure all by itself. Not to mention – Expensive!
  2. Restore your data from backups. You have backups, right? See further down..
  3. Format your computer and lose all your data. This can be really painful. You may lose all your photographic memories, all your business or household records, all your email history – everything you store on your PC.

What can I do to keep my files safe?

You do have some options here, at least BEFORE you get attacked.
  1. Unless you have a compelling reason to use Windows, use Linux. At this time linux PC’s are not being attacked (this will change,no doubt). Mac users are safe at the moment too.
  2. Backup your files regularly, and keep your backup drives UNPLUGGED from your computer. Keep at least two sets of backups and rotate them each time. NEVER have them plugged in at the same time and never leave them attached to the computer unless you are actually backing up. External USB Hard Drives are cheap, and reliable. And very cheap insurance.
  3. Disconnect yourself from any shared folders on Dropbox, Drive, or any other cloud service. Never open a file from any of these services unless you know EXACTLY what it is and where it came from.
  4. If your PC is networked to others, make sure that users of those machines read this article too, and that they understand it, and the implications if they mess up.
  5. Keep your Virus and anti-malware products up to date always – they MAY help, but they aren’t a guarantee.
  6. Make sure you install Windows Updates promptly. Same deal, probably won’t help, but you never know.
  7. Examine incoming emails CAREFULLY if they have an attachment or links to websites. They may appear to originate from somebody you know, or from a legitimate organisation. For instance, in australia emails from Australia Post and AGL (an electricity provider) are constantly being sent around, with deadly payloads. Ask yourself WHY you are getting this email – if it looks strange, feels strange. or if you have any doubts, contact the sender and confirm that they actually sent the email, and what the contents are. Any email that contains a threat as a result of inaction should be deleted immediately.
Finally, if you subscribe to a Spam filtering service, forward any suspicious emails to them – it may save somebody else who isn’t as aware as you are now!          

Leave a Reply