Dealing with a CryptoLocker Infection

The CryptoLocker virus is ransomware that infects your machine via a link or attachment in an email, then encrypts the contents of the hard drive. The data can only be decrypted with the corresponding key, which is handed over by the cyber-criminals after a hefty ransom has been paid – typically around $1300, or around £1000.

Ransomware – a type of malware virus that encrypts your data and demands a ransom from you to get it back – is not a new development. One of the earliest examples of ransomware was the AIDS Information Trojan in 1989, which scrambled the data of infected machines and demanded $378 to rebuild it. Fortunately for many, the data was scrambled in such a way that made it easy to rebuild with the help of one of the many free programs that were released online.

On the other hand, the creator of the CryptoLocker ransomware has been much more thorough when it comes to ensuring you can’t retrieve your data. Targeting all versions of Windows – including Windows 7, Windows 8 and Windows 10 – CryptoLocker uses AES-256 and RSA encryption, which requires the attackers’ private key to decrypt. Breaking an AES key is next to impossible, so brute forcing definitely isn’t an option. Once you’ve been infected, an executable starts scanning all the drives connected to your machine for files to encrypt. Typically, ransomware targets productivity files like .doc, .docx and .pdf, and media files like .mp3, .mp4 and .avi. Every folder that contains an encrypted file will have a text file with instructions on how to pay the ransom.
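As an added example that is not part of the original article: a small Python triage script that walks a directory tree and flags folders where a ransom-note text file sits beside high-entropy files of the types named above, the pattern the paragraph describes. The entropy threshold, the file names and the sample tree it builds are constructed assumptions for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# File types the article says ransomware typically targets.
TARGET_EXTS = {".doc", ".docx", ".pdf", ".mp3", ".mp4", ".avi"}
# Assumed threshold (bits per byte): encrypted data approaches 8.0; office documents sit well below.
# Compressed media is already high-entropy, so for those the note beside them is the decisive signal.
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 64 * 1024  # only the first chunk of each file is read

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the given data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: Path) -> bool:
    with path.open("rb") as f:
        return shannon_entropy(f.read(SAMPLE_BYTES)) >= ENTROPY_THRESHOLD

def find_suspicious_folders(root: Path) -> dict:
    """Map folder (relative to root) -> ransom-note .txt files and high-entropy target files found together."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        folder = Path(dirpath)
        notes = sorted(n for n in filenames if n.lower().endswith(".txt"))
        encrypted = sorted(n for n in filenames
                           if Path(n).suffix.lower() in TARGET_EXTS and looks_encrypted(folder / n))
        if notes and encrypted:  # both signals in one folder, as the article describes
            hits[folder.relative_to(root).as_posix()] = {"notes": notes, "encrypted": encrypted}
    return hits

def build_sample_tree() -> Path:
    """Constructed sample data: one clean document, one 'encrypted' PDF, one ransom note, one clean folder."""
    root = Path(tempfile.mkdtemp())
    (root / "docs").mkdir()
    (root / "docs" / "report.docx").write_bytes(b"Quarterly report text. " * 400)   # low entropy
    (root / "docs" / "invoice.pdf").write_bytes(os.urandom(8192))                  # random bytes
    (root / "docs" / "DECRYPT_INSTRUCTIONS.txt").write_text("Pay to recover your files.")
    (root / "music").mkdir()
    (root / "music" / "song.mp3").write_bytes(b"ID3" + b"\x00" * 4000)              # no note here
    return root

if __name__ == "__main__":
    for folder, info in find_suspicious_folders(build_sample_tree()).items():
        print(f"{folder}: note(s) {info['notes']}, suspect file(s) {info['encrypted']}")
```

Run against a real share it reports only folders showing both signals, which keeps naturally high-entropy media from being flagged on its own.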

There are a few things you can do, both before and after a CryptoLocker infection. Obviously, the best thing you can do is not get infected with the ransomware virus in the first place. You should always be vigilant when it comes to opening email attachments; cyber-criminals will often forge email header information, giving the email an appearance of legitimacy and encouraging you to click a link or open an attachment. If you’re a business owner, educating your staff regarding these methods of infection is crucial. You should always keep a regular backup, too, kept disconnected from the machine since the ransomware encrypts every drive it can reach, so that you can restore your files.

Another option is to perform a System Restore, restoring your machine to a point in time before the ransomware infected it. System Restore uses ‘shadow copies’, which are older copies of files that Windows keeps. You can also manually restore individual files without going through the full process, by right clicking a file, and in the ‘Properties’ window, clicking the ‘Previous Versions’ tab. Here, you will see a list of shadow copies of the file, with the option to recover any of them. If you need any assistance, a data recovery specialist should be able to help.
