Cryptolocker Ransomware Protection

August 5, 2014 Timothy Uncategorized

The one-year anniversary of the nasty Cryptolocker ransomware’s release into the wild is just weeks away. Cryptolocker is still encrypting and ruining many people’s hard drives with the resultant losses of cherished photos and important files.

For the uninitiated, Cryptolocker is Windows malware which encrypts your hard drive and then offers to decrypt your files in exchange for paying a substantial ransom, currently about $600. As with other malware, variants of Cryptolocker have been spun off by enterprising criminals. With that in mind, let’s talk about preventing a Cryptolocker event on your own hardware.

The best defense against Cryptolocker is to practice safe computing. Cryptolocker usually arrives as an email attachment or via an infected Web page. With email, always check the actual email address and don’t open unexpected attachments. Never open an email attachment with a double file extension (such as “.pdf.exe”). To defeat many anti-virus email monitors, the bad guys often resort to disguising their malware by tacking on a second file extension, thus a “double extension.” Think before you click!
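The two email checks above (look at the actual sender address, and refuse double-extension attachments) can be automated. The following is an added example, not part of the original article; the extension lists, function names, and sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed extension lists for illustration; tune them for your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip"}

def is_double_extension(filename):
    """True when a document-looking extension is followed by an executable one."""
    # Windows ignores trailing dots and spaces, and padding spaces before the
    # real extension can push it out of view, so normalise before splitting.
    parts = [p.strip() for p in filename.strip().rstrip(". ").lower().split(".")]
    if len(parts) < 3:
        return False  # a single extension such as "setup.exe" is not a disguise
    return parts[-1] in EXECUTABLE_EXTS and any(p in DECOY_EXTS for p in parts[1:-1])

def review_message(raw_message):
    """Return the actual sender address and any double-extension attachment names."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    _display_name, address = parseaddr(str(msg["From"]))
    flagged = [part.get_filename() for part in msg.walk()
               if part.get_filename() and is_double_extension(part.get_filename())]
    return address, flagged

# Constructed sample message (not real mail): one disguised attachment, one benign.
SAMPLE_EMAIL = """\
From: "Accounts Dept" <billing@example.com>
To: user@example.org
Subject: Your invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

See attached.
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

AAAA
--BOUND
Content-Type: application/pdf
Content-Disposition: attachment; filename="newsletter.v2.pdf"
Content-Transfer-Encoding: base64

AAAA
--BOUND--
"""

if __name__ == "__main__":
    print(review_message(SAMPLE_EMAIL))
```
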

The next best defense is to have an offline backup of anything critical or important. Take time to back up your hard drive to DVD or an online backup service. As Cryptolocker encrypts executable DLL files used by most programs as well as common image, sound, and video files, you’ll need to back up your operating system, your applications and your data. You must disconnect any external hard drives or flash drives after creating your backup! Any device connected when Cryptolocker activates is subject to encryption. So make your backup and then disconnect or log off.

Your final line of defense is to install CryptoPrevent. CryptoPrevent is a small Windows utility that locks down most current versions of Windows to prevent Cryptolocker from doing its worst. It also protects against Cryptolocker variants. Both free and premium versions are available. The premium version is just $15 and the license covers all home PCs. (Commercial users must buy one license per PC.) The premium version automatically updates itself, a desirable feature for malware protection. A portable version that runs from a flash drive is also available.

Decryptolocker Update

Great news! It seems some white hat hackers (the good guys) at FireEye have managed to analyze the malware and have developed Decryptolocker. Decryptolocker is a free online tool. You need only to provide your email address and upload a single encrypted file. Decryptolocker will then analyze the file and email you a decryption key for unlocking your files.

Don’t mistake the availability of Decryptolocker as justification for not backing up critical data. New computers and software can be repurchased. Your data is not commercially available. It’s only a matter of time before a new, updated version of Cryptolocker will be released into the wild. Take this time to prepare and defend.


About Timothy Lee

Tim, the Arkansas Small Business and Technology Development Center's webmaster and technical training specialist, has been with ASBTDC since 1995. He retired from the U.S. Air Force with the rank of master sergeant. He's a bit gung-ho, turns cat food cans into cook stoves, and keeps packing ASBTDC equipment for rapid worldwide deployment, but he's your "go to" guy for technical solutions and full-scale disasters.
