Friday, November 8, 2013

CryptoLocker Virus Holds your Important Documents for Ransom


Have you heard of the CryptoLocker Virus yet? If not, be sure to read on!

The CryptoLocker Virus is a form of 'ransomware': a type of malware that restricts access to the Microsoft Windows computer it infects and demands a ransom, paid to the creator of the malware, before the restriction is removed.

In the case of the CryptoLocker Virus, it doesn't just restrict access to the computer system. Once downloaded, this ransomware installs itself in your 'Documents and Settings' folder. It then scans the hard drive for different file types, including .doc, .xls, .ppt, .pst, .dwg, .rtf, .dbf, .psd, .jpg, .raw, and .pdf, and encrypts them (makes it so you cannot access them without the proper key).


After encrypting your files, it displays a CryptoLocker payment screen that tells you to send a ransom, usually $300, in order to decrypt the files. This screen also displays a timer stating that you have around 100 hours to pay the ransom or it will delete your key and you will not have any way to get your files back! The ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.


How can my computer get infected by CryptoLocker?
1) Via an email attachment, usually in an email that looks like it comes from a respected company like BBB, FedEx, or UPS. For example, you receive a tracking email from a shipping company you do business with. Attached to the email is a .zip file. Opening the attachment launches a virus that finds and encrypts all files you have access to, including those located on any attached drives or mapped network drives.

2) You browse a malicious website that exploits vulnerabilities in an out-of-date version of Java.

3) You’re tricked into downloading a malicious video driver or codec file.
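
As an added example (not from the original post or its source), this Python sketch shows how a mail gateway or help desk could screen a message for the pattern in item 1: a .zip attachment with an executable inside. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email, io, os, zipfile
from email.message import EmailMessage

# Extensions Windows runs directly. This list is an assumption; extend it as needed.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def risky_zip_entries(raw_message: bytes) -> list:
    """Return 'attachment!entry' for each executable inside a zip attachment."""
    hits = []
    for part in email.message_from_bytes(raw_message).walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        # Detect zips by content, not by file name, so a renamed archive is still caught.
        if payload is None or not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        name = part.get_filename() or "(unnamed)"
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                entries = archive.namelist()
        except zipfile.BadZipFile:
            hits.append(name + "!<unreadable archive>")  # treat as suspicious
            continue
        for entry in entries:
            # splitext looks at the last extension only, so "label.pdf.exe" -> ".exe"
            if os.path.splitext(entry.lower())[1] in RISKY_EXT:
                hits.append(name + "!" + entry)
    return hits

def build_sample(entry_names=("Tracking_Label.pdf.exe", "readme.txt")) -> bytes:
    """Constructed test message: a fake shipping notice with a harmless zip attached."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for entry in entry_names:
            archive.writestr(entry, b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "tracking@shipper.example"
    msg["To"] = "user@company.example"
    msg["Subject"] = "Your shipment tracking information"
    msg.set_content("Your label is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="label.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for hit in risky_zip_entries(build_sample()):
        print("BLOCK:", hit)
```
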

What should I do when I discover my computer is infected with CryptoLocker?
When you discover that your computer is infected with CryptoLocker, the first thing you should do is disconnect it from your wireless or wired network. This will prevent it from further encrypting any files. Some people have reported that once the network connection is disconnected, it will display the CryptoLocker screen.

How do I remove the virus from my computer?
Your antivirus software may remove the virus; however, your files will still be encrypted. Recent versions of CryptoLocker now set your Windows wallpaper to a message that contains a link to a decryption tool that you can download in case this happens. In some cases, people have resorted to paying the ransom to retrieve their files. Some did receive the key and regained access to their files, but this is a very risky option. Your best bet is to recover your system from a previous system backup.



How can I prevent the CryptoLocker Virus from infecting my computer?
1) If you get any emails with suspicious attachments, DO NOT open the attachments or click any links in the email messages.

2) Steer clear of any suspicious websites, especially ones that may ask you to download a Java update.

3) Make sure you keep complete and recent backups of your system. If you have a small business with networked PCs, you should have automated workstation backups enabled, in addition to server backups.

4) Implement a Windows Software Restriction Policies rule. This can block CryptoLocker from launching its payload on your computer system. If you need help implementing it, contact a BizTech Solution Advisor at 419.539.6922 or via email for more information about this method.

We know your files are important and, very likely, essential to your business. Don't hesitate to call or email us for more information about this virus and how to prevent this and other disasters from affecting your data.


*Information gathered from our Techs and http://windowssecrets.com/top-story/cryptolocker-a-particularly-pernicious-virus/
