A New Digital Threat
With all of the modern age’s technological advancements and electronic devices becoming more and more complex, the viruses and malware trying to steal our personal information and mess with our data are also becoming more complex. A prime example of this is the ransomware known as Cryptolocker. Cryptolocker is a piece of malware that has infected Microsoft Windows operating systems including Windows XP, Vista, 7, and 8.
The Cryptolocker virus infected a computer when the user opened an email attachment containing it. The emails were usually sent as fake UPS and FedEx tracking notifications and other legitimate-looking business messages. Once on the computer, Cryptolocker begins to encrypt the user’s files, such as Microsoft Office documents, pictures, and Open Office files. The virus will even target devices shared across the network, spreading the encryption from one computer to any others on the network. Cryptolocker uses asymmetric encryption, meaning only one party (the maker of the virus) knows the decryption key. This leads to Cryptolocker demanding money upwards of $500, with a message showing how long until the decryption key is destroyed. After the ransom is paid, Cryptolocker will begin to decrypt the files, although there have been reports of errors leaving files unable to be decrypted.
With the original version of Cryptolocker, users were able to go into the Windows registry and restore files from what’s known as a “shadow copy” in order to bypass the ransom demand. The new versions (or clones) of Cryptolocker are much harder to deal with. One that is infecting systems today goes by the name of CryptoWall 2.0. CryptoWall is much more advanced than the original Cryptolocker due to how it “locks down” the infected computer. It does this by disabling the computer’s antivirus upon infection, leaving the computer unable to remove CryptoWall and opening it up to more possible infections. In addition to encrypting files and disabling virus protection, CryptoWall has removed the service that lets users attempt to recover “shadow copies”, leaving no other way to restore the encrypted files aside from a backup made prior to the infection.
So how do you protect your files from becoming encrypted by this virus? Here are some good preventative measures:
- Back up your files. Anything that you would hate to lose should be routinely backed up. Whether it’s to an external drive or a cloud backup program like Livedrive, having backups will make life much easier in the event of data loss or unwanted encryption.
- Keep your antivirus updated. Make sure you have a good antivirus program (and that you only have one) and that it is regularly checking for virus definition updates.
- Keep your operating system updated. Run Windows Updates and set them to install automatically on a schedule; these updates help close security holes in the operating system itself.
- Use email with caution. Be wary of attachments: don’t open them from an untrusted source, and make sure your email client isn’t set to download attachments automatically. If an email looks even a little suspicious, don’t open it.
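A backup only helps if it was made before the infection. The following is an added example, not part of the original article: a Python check that walks a backup folder and flags Office, OpenOffice and picture files whose leading bytes no longer match their file type. The function names, the 5% threshold and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Leading bytes ("magic numbers") of the file types the article names as targets.
ZIP = b"PK\x03\x04"                        # .docx/.xlsx/.pptx and OpenDocument are ZIP containers
OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt
SIGNATURES = {ext: ZIP for ext in (".docx", ".xlsx", ".pptx", ".odt", ".ods", ".odp")}
SIGNATURES.update({ext: OLE for ext in (".doc", ".xls", ".ppt")})
SIGNATURES.update({".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n"})

def header_ok(path):
    """True/False for a known extension; None when no signature is listed for it."""
    expected = SIGNATURES.get(Path(path).suffix.lower())
    if expected is None:
        return None
    with open(path, "rb") as fh:
        return fh.read(len(expected)) == expected

def audit_backup(root, max_bad_ratio=0.05):
    """Walk a backup folder; return (files_checked, suspicious_paths, looks_clean)."""
    checked, bad = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                result = header_ok(full)
            except OSError:
                result = False  # unreadable file: count it as suspicious
            if result is not None:  # None means unknown type, nothing to compare
                checked += 1
                if not result:
                    bad.append(full)
    # Assumption: in-place encryption overwrites the header, so many mismatches = bad backup.
    looks_clean = checked > 0 and len(bad) / checked <= max_bad_ratio
    return checked, sorted(bad), looks_clean

def demo():
    """Constructed sample folder: two intact files, one scrambled, one unknown type."""
    scrambled = bytes((i * 37 + 11) % 256 for i in range(64))  # stand-in for ciphertext
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "report.docx").write_bytes(ZIP + b"\x00" * 32)
        Path(tmp, "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)
        Path(tmp, "budget.xlsx").write_bytes(scrambled)
        Path(tmp, "notes.txt").write_bytes(b"plain text")
        checked, bad, clean = audit_backup(tmp)
        return checked, [os.path.basename(p) for p in bad], clean

if __name__ == "__main__":
    print(demo())
```

Run `audit_backup` against the backup drive before overwriting older backup sets, so that a backup taken after an infection does not replace the last good one.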
Viruses are constantly getting more difficult to get rid of, so the best way to prevent them is to know how they operate and how you can protect yourself. Browse with caution, avoid suspicious email, and always back up your data.
Besides my love for computers, I am a motorcycle fanatic. I have a background in Office 365 support and Windows Server.