CryptoLocker

What is CryptoLocker?

CryptoLocker is a type of malware that encrypts your files and demands a ransom to decrypt them. There are many variants of the original CryptoLocker ransomware (such as CryptoWall), but in this article we will refer to all of them as "CryptoLocker" as they all act similarly. Most variants affect Windows PCs, but some also affect Mac OS X and/or Linux.

CryptoLocker is often installed on PCs via infected advertisements on legitimate web sites, or via an e-mail attachment. Researchers have been able to recover files encrypted by a few variants, but this is not the case with most of them. If your PC is infected with CryptoLocker, you should consider any files that are not backed up to be lost.

What does ECN do to protect domain PC users from data loss caused by CryptoLocker?

ECN installs AdBlock Plus for Google Chrome and Firefox and allows browsers and Flash Player to update automatically. We back up files on departmental file servers nightly, so we can recover good versions of files that have been encrypted. We developed a script that detects some CryptoLocker variants, notifies us, and shuts down the PC to prevent it from being used until it has been cleaned.

What should I do to protect my non-domain or personally owned PC against CryptoLocker?

To reduce the risk of a CryptoLocker infection, ECN recommends that you uninstall Flash Player from your PC if you do not need it. CryptoLocker is often installed on PCs through exploits in older versions of Flash Player. If you use sites that require Flash, enable automatic updates. We also recommend that you use Google Chrome or Firefox instead of Internet Explorer whenever possible, enable automatic browser updates, and install AdBlock Plus (available for both Chrome and Firefox).

To prevent data loss in case of a CryptoLocker infection, we recommend that you back up your files. We do not recommend the use of an external hard drive or a cloud storage service such as Dropbox, since your good backup could be overwritten by encrypted versions of your files. We recommend that you back up any data not saved on ECN servers using a program that keeps multiple versions, such as CrashPlan: http://www.code42.com/crashplan/
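The difference between a single-copy backup and one that keeps multiple versions, as an added example (not ECN's script and not how CrashPlan works internally). The function names, the file name and the repository layout are assumptions made for illustration, and the "encrypted" file is simulated with random bytes inside a temporary directory.

```python
import hashlib, json, os, shutil, tempfile
from pathlib import Path

GOOD = b"chapter 1 draft"  # constructed sample file content

def mirror_backup(src, dst):
    """Single-copy backup: every run overwrites the previous copy."""
    dst.mkdir(exist_ok=True)
    for f in src.iterdir():
        shutil.copy2(f, dst / f.name)

def versioned_backup(src, repo):
    """Keep every distinct file content; each run adds a new snapshot manifest."""
    (repo / "objects").mkdir(parents=True, exist_ok=True)
    (repo / "snapshots").mkdir(exist_ok=True)
    manifest = {}
    for f in sorted(src.iterdir()):
        data = f.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        obj = repo / "objects" / digest
        if not obj.exists():  # earlier contents are never rewritten
            obj.write_bytes(data)
        manifest[f.name] = digest
    count = len(list((repo / "snapshots").iterdir()))
    snap_id = f"{count + 1:04d}"
    (repo / "snapshots" / snap_id).write_text(json.dumps(manifest))
    return snap_id

def restore(repo, snap_id, name):
    """Return the content a file had when the given snapshot was taken."""
    manifest = json.loads((repo / "snapshots" / snap_id).read_text())
    return (repo / "objects" / manifest[name]).read_bytes()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, mirror, repo = root / "documents", root / "mirror", root / "repo"
        src.mkdir()
        (src / "thesis.txt").write_bytes(GOOD)
        mirror_backup(src, mirror)
        first = versioned_backup(src, repo)
        # Stand-in for an infection: the file now holds unreadable bytes.
        (src / "thesis.txt").write_bytes(os.urandom(32))
        mirror_backup(src, mirror)    # the next backup run copies the bad file
        versioned_backup(src, repo)
        return {"mirror_ok": (mirror / "thesis.txt").read_bytes() == GOOD,
                "versioned_ok": restore(repo, first, "thesis.txt") == GOOD}

if __name__ == "__main__":
    print(demo())
```

Old versions only help if the infected PC cannot rewrite the place where they are stored, so the version history should be held by the backup program or service rather than in a folder the PC can modify directly.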

You can find more information on protecting your PC against CryptoLocker and malware in general in our Safer Surfing Techniques Using Firefox/Chrome and Add-ons article. If you have any questions, please contact us.

Last modified: 2015/11/23 12:58:34.664583 US/Eastern by benjamin.m.fowler.1
Created: 2015/11/11 08:17:38.586606 US/Eastern by benjamin.m.fowler.1.
