There is a new piece of nastiness going around right now called CryptoLocker that impacts Windows users. If you infect yourself, either by clicking a link in a phishing email or by visiting a site hosting the exploit, all of your drives are scanned and your data files are encrypted. Once they are encrypted, you can’t access them without the decryption key, which you have to pay the criminals to get.

This includes files on your physical hard drive or mapped network drives. Remember, syncing services like DropBox or Skydrive typically store files on your physical hard drive, so they would be encrypted in the event of an infection.

Good News/Bad News

Up-to-date antivirus and antimalware programs should detect and warn you about the CryptoLocker trojan. If you use good practices to avoid phishing attempts, then you should be mostly safe. That’s the good news.

However, if you are infected, it is impossible to decrypt your files without paying the ransom to the criminals. The ransom appears to be $100-300 if you pay within their time frame. The cost goes up significantly if you let the 72-hour countdown clock expire. That’s the bad news.

If you are infected and don’t want to pay, what can you do? Hopefully you have a backup that is physically separated from your computer. If so, you can allow your antivirus or malware tools to clean the trojan from your computer, delete the encrypted data files, and restore from your backup.

Warning: If you decide to pay the ransom, DON’T let your antivirus or malware software delete the trojan. Your computer has to be infected for the criminals to deliver the decryption key.

Prevention is the key

  1. Don’t let Windows hide file extensions. By default, Microsoft hides them.
    1. Control Panel > Folder Options > View tab
    2. Uncheck the box for Hide extensions for known file types
  2. Make sure your antivirus and malware software is up to date.
  3. Be wary of phishing emails and attachments.
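As an added example (not from the original post), this PowerShell script applies step 1 through the registry value behind the Folder Options checkbox and then lists files whose names hide an executable behind a document-looking extension, which is exactly what hidden extensions conceal. The Downloads folder and the two extension lists are assumptions, not from the post.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 5.1+
# running as the user whose Explorer setting should change.

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Show-FileExtensions {
    # HideFileExt = 1 hides known extensions (the Windows default); 0 shows them.
    # This is the same value the "Hide extensions for known file types" box sets.
    $current = (Get-ItemProperty -Path $advanced -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    if ($current -ne 0) {
        Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord
        # Explorer reads the value at start, so restart it to make the change visible.
        Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
        Start-Process explorer.exe
    }
}

function Find-DisguisedExecutables {
    # Folder to check is an assumption; point it at wherever attachments are saved.
    param([string]$Path = (Join-Path $env:USERPROFILE 'Downloads'))
    # Extensions Windows runs as programs, and document extensions that an
    # attachment like "invoice.pdf.exe" would appear to have once ".exe" is hidden.
    $executable = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs')
    $document   = @('.pdf', '.doc', '.docx', '.xls', '.xlsx', '.txt', '.jpg', '.zip')
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            $outer = $_.Extension.ToLower()                                  # ".exe"
            $inner = [System.IO.Path]::GetExtension($_.BaseName).ToLower()   # ".pdf"
            ($executable -contains $outer) -and ($document -contains $inner)
        } |
        Select-Object FullName, Length, LastWriteTime
}

Show-FileExtensions
Find-DisguisedExecutables
```

Anything the second function lists should be treated as suspect and handed to your antivirus rather than opened.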

For Additional Information

Good general information

More technical information from Bleeping Computer
