CryptoLocker Ransomware

Our first encounter with this infection happened today and led to a furious investigation to gain more information on it. It was not good news.

Even though we were aware of this type of shenanigans, the thought was that only companies (with the urgency for data integrity and lots of money) would be targeted. Not so, unfortunately.

In simple words, this is what happens: you receive an innocent-looking e-mail from (mostly) a courier company informing you that the attached PDF document contains information regarding a package, shipment etc. Note that this is the more common modus operandi and not the only one. The attached PDF file contains the virus, which gets executed when you attempt to open the attachment. Please take note that file extensions are hidden by default, and thus you will not notice the extra .exe extension after the filename.

According to a very comprehensive guide on this infection by Bleeping Computer, the encryption software will start encrypting a wide variety of files on your computer. If you should notice this extra activity, the best measure is to disconnect your computer from the internet immediately. Encryption should stop and the above notice will appear.

Unfortunately the encrypted files will remain encrypted with no way of recovering them. The next step would be to take the computer to your nearest repair shop. Simple as that.

The encryption key is located on the virus writer's server, and there is no access to it unless you decide to pay the ransom fee within the specified time frame. The article on Bleeping Computer offers advice on how to circumvent these changes and also offers a way of recovering some of your files. But this might be an issue for technologically challenged users.

Get your computer to show file extensions by following these procedures on Windows 7:

  • Open “my computer” and select “organize”.
  • Select “folder and search options” then click on “view”.
  • Un-tick the “hide extensions for known file types” then “apply”.

You will notice an additional indicator on your file names such as mypicture.jpg or myworddocument.docx.

This is what we refer to as the file extension and is an indicator to the computer of the application that will be used to open the specific file type. There are dozens of these so we won’t publish a list of what they all mean or what will happen if you double-click on them.
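The same setting can be changed from PowerShell, and a folder can be checked for the hidden .exe extension described earlier. This is an added example, not part of the original article; the extension lists, the sample file names and the choice of the Downloads folder are assumptions made for illustration, and the check goes slightly beyond the .pdf/.exe case to cover other common document and program extensions.

```powershell
# Added example (not from the original article).
# 1. Show file extensions for the current user.
# HideFileExt = 0 is the registry equivalent of un-ticking
# "Hide extensions for known file types" in Folder Options.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name 'HideFileExt' -Value 0
# Explorer windows that are already open may need a refresh to show the change.

# 2. Detect names such as "document.pdf.exe", where a program extension
#    follows a document extension. Both lists are assumptions; extend as needed.
function Test-DisguisedExecutable {
    param([string]$Name)
    $programExt  = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs'
    $documentExt = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.jpg', '.png', '.txt', '.zip'

    # Real (last) extension, the one Windows uses to decide how to open the file.
    $last = [System.IO.Path]::GetExtension($Name).Trim().ToLower()

    # Extension the user would see when extensions are hidden. Trim() handles
    # names padded with spaces before the real extension.
    $stem  = [System.IO.Path]::GetFileNameWithoutExtension($Name).Trim()
    $inner = [System.IO.Path]::GetExtension($stem).ToLower()

    return ($programExt -contains $last) -and ($documentExt -contains $inner)
}

# Constructed sample names, not taken from a real infection.
$samples = 'Shipment_Details.pdf.exe', 'Shipment_Details.pdf',
           'setup.exe', 'holiday.jpg   .scr'
foreach ($name in $samples) {
    '{0,-28} disguised: {1}' -f $name, (Test-DisguisedExecutable $name)
}

# 3. Check a real folder. The Downloads folder is an assumption; point this
#    at wherever your mail program saves attachments.
$folder = Join-Path $env:USERPROFILE 'Downloads'
if (Test-Path $folder) {
    Get-ChildItem -Path $folder -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and (Test-DisguisedExecutable $_.Name) } |
        Select-Object FullName, Length, LastWriteTime
}
```

Any file listed by the last step should be treated as suspect and left unopened until it has been scanned.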

The best solution is still to have a reputable internet security suite installed on your machine and kept up to date at all times. Do not put your full trust in any of the various free packages out there, but rather invest some money in a proper anti-virus package.

We have been using Kaspersky for a number of years and found it to be one of the best available. Contact us for the best possible price and assistance in installing the software. At this stage the 2014 versions retail at R 299.00 for a two user package and R 399.00 for the 4 user version.