CryptoLocker is the latest and most damaging ransomware, encrypting the user’s files using asymmetric encryption, which involves a public key and a private key. The public key simply encrypts the data, while the private key is required for decryption. The attacker offers the private key to users’ who pay the $300 ransom fee within the specified amount of time.
Unfortunately, CryptoLocker is spreading rapidly through an email that usually appears to be a tracking notification from FedEx or UPS. Many security experts believe the ransomware surfaced in September 2013 because it’s close to the holidays. As people are starting to shop online, they’re less likely to be suspicious about emails regarding deliveries.
When it comes to CryptoLocker, the key is to be proactive instead of reactive. Individuals and businesses alike must run antivirus software, in addition to keeping regular and recent backups of all files. For businesses, it’s important to backup shared files, as CryptoLocker targets shared files for encryption first.
While preparation is extremely critical, what if you’re already infected by CryptoLocker? There are a few ways to minimize the harm done.
Minimizing the Damage
Despite the ransomware’s warning not to “turn off the computer or disconnect from the Internet,” this is actually the best action to take immediately. Turning off your computer keeps the virus from continuing to encrypt all of your files. If the virus is in the middle of the infection process, you may be able to save some of your files.
The next step is to consider the damage. What files have been lost? Do you have backups of your files? If you don’t have backups, check Windows’ System Restore files, as files are automatically backed up sometimes.
If you do have a backup, wipe your computer of the virus and use your regular antivirus software. Once you’ve restored your backup, avoid clicking any suspicious emails. If you can, try to avoid paying the ransom. The attacker obtains the money to fund for the creation of similar viruses.
Paying the Ransom
If you don’t have backup, the criminals behind Cryptolocker make it simple for users’ to pay the ransom. This isn’t recommended, as explained above, you’re funding criminals to develop more ransomware. If it’s absolutely necessary, you can pay the ransom, even after the deadline. However, the payment will become significantly more expensive.
While cracking the encryptions isn’t likely to happen in the near future, many victims have reported that paying the ransom does decrypt the files. When it comes to ransomware like CryptoLocker, awareness is important. Make sure your employees, family, and friends are aware of the virus. Knowledge and proactive measures, such as backups, are the best methods for dealing with Cryptolocker.