They don’t call it malware for nothing. Malware comes in many different variants. Traditionally, malware would infect your system and spread itself to other computers, with the purpose of making your system part of a botnet or sending spam email. But new strains of malware are much more sinister, specifically those in the Cryptolocker family.
What is Cryptolocker?
This new variant of malware will encrypt files found on connected drives, including network shares, and hold the machine “hostage,” requiring the user to pay a ransom to get the decryption key to unlock the files.
What is ransomware?
As the name implies, it is a particular type of malware that prompts the user of an infected computer for some form of payment. One of the traditional threats was the FBI Virus, which posed as the FBI and accused the victim of some illegal online activity. One of our Tech Kahunas would be able to help remove the FBI Virus or similar malware from your machine, and the software that we include with Drumbeat would help protect against infection.
So other than an attempt to extort some money from the user of the infected computer, malware like the FBI Virus simply spread to more computers.
How is Cryptolocker different from other Ransomware?
Consider that earlier forms of ransomware are “empty threats.” Cryptolocker means business as it encrypts the files that it can find attached through USB or network shares. Then it threatens to throw away the key if you don’t pay up.
Removing the virus isn’t particularly difficult; however, the damage from the virus is devastating. Decrypting the files without the key is not possible. Once the virus has been removed, the encrypted files will need to be recovered from a backup source that wasn’t connected to the computer at the time.
How do I get this virus? What can be done to stop it?
These viruses spread through infected websites, USB keys, or existing malware on your machine that gets updated instructions to go to infected sites. At the very least, your malware protection needs to stay up to date.
New variants of Cryptolocker are being written every day. In fact, CryptoDefense was first reported by our own Tech Kahuna, Steve Wooton, who assisted in documenting the specifics and removal instructions.
If I get infected, what can I do?
The simple answer is to restore from backup files after the machine has been cleaned. Without the encryption key, your files are “gonzo” (gone). One of the scariest parts of Cryptolocker viruses is that they go looking for files to encrypt. So if your only backup is attached to your computer and it finds those files, your local backup may be “gonzo” as well.
Read the following articles for more information about Cryptolocker: