You may have heard about CryptoLocker or Ransomware over the past couple of years. CryptoLocker has continued to infect computers worldwide while baffling leading IT security professionals. A February 2016 article on BBC describes how CryptoLocker held a Los Angeles-based hospital’s information for ransom; its computer systems were offline for more than a week following the ransomware attack.
How does CryptoLocker work?
CryptoLocker seeks out users’ personal files and keeps users from accessing them unless they pay a ransom, typically $300 or $400, which may or may not result in the recovery of the files.
Files that this malware seeks can include photos, music files, documents and videos from both personal and business computers. When CryptoLocker infects a computer, the system will continue to run as it normally would until the user attempts to access the “locked” files.
CryptoLocker is typically delivered through malicious emails that mimic legitimate business emails, hidden inside attachments like .zip or .pdf files and can take several days to take effect once the computer is infected. One major issue is that an effective anti-virus software can remove the malware, but not the encryption.
Preventive Measures:
- Do not follow unsolicited web links in email message 100cs or submit any information to webpages in links.
- Use caution when opening email attachments.
- Keep operating systems and software, including anti-virus, up to date with the latest patches.
- Perform regular backups of all systems/data to avoid serious consequences should your system fall under attack.
If you believe your system may be infected with the CryptoLocker Malware, follow these steps:
- Immediately disconnect the infected system from the wireless or wired network. This may prevent the malware from further encrypting any more files on the network.
- Change your passwords after removing the malware from your system.
- Users infected with the malware should consult with a reputable security expert to assist in removing the malware, or users can retrieve encrypted files by restoring from backup, restoring from a shadow copy or by performing a system restore.
If you have questions or would like to discuss IT security solutions for your business, contact Yeo & Yeo Technology at 989.797.4075 or email info@yeoandyeo.com.