An introduction to CryptoLocker: the basics
CryptoLocker is a type of malicious software (malware) that makes data on your computer (documents, pictures, music and so on) unreadable by encrypting it using RSA-2048 bit keys; it then demands payment to un-encrypt them. Once you pay (to the tune of several hundred USD via prepaid voucher or virtual currency known as Bitcoin), you get your files back. The malware even puts a deadline on how long you have to pay the ransom. CryptoLocker affects Windows computers and usually finds its way onto them via email attachment.
What if it’s too late and you’ve already been infected? If your files have been encrypted you’re unfortunately out of luck. The files are encrypted in such a way that it’s all but impossible to decrypt them (unless you pay the ransom, in which case you’d [like] regain access to your files).
Is Your Cloud Data Secure?
The fact that you are backing up data to the cloud is a good thing – but it’s not the act of backing up that’s the issue. The problem with typical cloud backup implementations is that they’re set to synchronize; your backed- up data in the cloud is maintained as a mirror copy of what’s currently on your computer. Ordinarily that’s ideal – unless those files are encrypted by CryptoLocker, in which case they’ll be synchronized to the cloud by your backup software.
CryptoLocker malware prevention tips
We provided step-by-step instructions on how to remove CryptoLocker if you’ve already been affected but for the vast majority, prevention is key. Here are eight tips to stay safe.
Follow the following tips:
- Install a reputable anti-virus software that has on-demand scanning
- Schedule your anti-virus software to automatically run scans at least once per week
- Always double-check the sender of any emails you receive and if you don’t know the sender, proceed with caution
- Never click on email attachments unless you know exactly what the attachment is
- Don’t click on links within emails unless you know where the link is going
- Keep a separate backup of your personal files away from your computer
- Set up and stick to a regular backup schedule
- If you use cloud backup services, consider investing in a cloud-to-cloud secure backup solution as a plan
The morale of the story is that while the CryptoLocker malware itself can be removed easily enough via Malwarebytes free edition, prevention is crucial. Install appropriate anti-virus software, be wary of any emails that are sent to you from unknown senders and have appropriate backup in place – whether it’s a physical copy or a cloud-to-cloud backup solution.