A new generation of malware: CryptoLocker

CryptoLocker is a nasty Trojan Horse malware which surfaced in October. It is a form of ransomware targeting computers running Microsoft Windows, locking up personal data through state-of-the-art encryption, and demanding a payment to unlock the data.

CryptoLocker disguises itself as a legitimate attachment, usually a zip file. When opened, the malware encrypts certain types of files stored on local and mounted network drives; the private key needed to decrypt them is stored only on the malware’s control servers. The malware then displays a message offering to decrypt the data if a payment (of about $300 USD) in Bitcoins or a pre-paid voucher is made by a stated deadline. If the deadline passes, the private key will be deleted and unavailable for recovery.

What is really unusual about this nefarious operation is that it has a customer service site! If the deadline is not met, you can still get a password to decrypt your data via an online service provided by the malware’s operators for a significantly higher price…usually 10 Bitcoins or nearly $4,000 USD.

Until now, ransomware attacks were limited by the lack of a global payment method. By using Bitcoin – the new digital currency – CryptoLocker has created a new generation of malware.

How do you protect yourself?

  • Don’t open attachments from an unknown sender. Be particularly careful with zip files.
  • Make sure your saved data is being backed up daily. Ask your IT team to confirm that the location where your data is saved is backed up, so there is no uncertainty about whether your data is safe.
  • Don’t assume your desktop or laptop is being backed up. If you have not been told by your IT team that your desktop or laptop, specifically, is backed up, assume it is not and do not save irreplaceable data there.
  • Reassess your data backup and restoration process. Ask your IT team how far back backups go and test it out. Create a test file, allow for it to be backed up and then delete it. Wait a week or two and ask for it to be restored. This should clarify the scope and history of the backup in place and allow you to review the process for requesting a file to be restored.
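
The restore test in the last item can be made checkable by recording a hash of the test file when it is created and comparing the restored copy against it. The script below is an added example, not part of the original article; the canary file name and the JSON manifest are assumptions chosen for illustration.

```python
import hashlib
import json
import os
import secrets
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path):
    """Hash the file in chunks so large test files work too."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def create_canary(directory, manifest):
    """Write a test file with random content; record its hash and creation time."""
    path = Path(directory) / "restore-test-canary.txt"  # hypothetical file name
    path.write_text("backup restore test " + secrets.token_hex(32) + "\n")
    record = {"path": str(path), "sha256": sha256_of(path),
              "created": datetime.now(timezone.utc).isoformat()}
    Path(manifest).write_text(json.dumps(record, indent=2))
    return record


def verify_restore(restored_file, manifest):
    """Return (status, age_days); status is 'ok', 'missing' or 'mismatch'."""
    record = json.loads(Path(manifest).read_text())
    created = datetime.fromisoformat(record["created"])
    age_days = (datetime.now(timezone.utc) - created).days
    if not os.path.isfile(restored_file):
        return "missing", age_days   # never backed up, or backup history too short
    if sha256_of(restored_file) != record["sha256"]:
        return "mismatch", age_days  # restored copy differs, e.g. encrypted or truncated
    return "ok", age_days


if __name__ == "__main__":
    # Constructed demo in a temporary folder. For a real test, create the canary
    # in a backed-up folder and keep the manifest somewhere outside that folder.
    with tempfile.TemporaryDirectory() as tmp:
        manifest_path = os.path.join(tmp, "manifest.json")
        rec = create_canary(tmp, manifest_path)
        print(verify_restore(rec["path"], manifest_path))
```

Run `create_canary` once, delete the file after a backup has run, and call `verify_restore` on the copy IT restores a week or two later; the returned age shows how far back the backup actually reached.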