CryptoLocker is a form of ransomware that targets MS Windows-based PCs. CryptoLocker is typically spread by e-mail attachments that appear to be legitimate and might even come from contacts in your organization. Once installed, and after contacting the Command and Control Server, the software begins encrypting your data in the background. The encryption process is silent, and you will only know you are infected after it has completed. Once it has completed, it will modify your desktop background and you will see a popup demanding money, usually 300 USD via MoneyPak, in order to decrypt your data. It will also encrypt mapped network drives and attached media. The ransomware then sets a time frame of 70-100 hours for the ransom to be paid; after that, the private key, which is stored on the Command and Control Server, is destroyed. If CryptoLocker is uninstalled, the attackers do offer a second chance to retrieve your data, but for a substantially steeper fee.

The encryption that it uses is no joke. It uses RSA public-key cryptography (2048-bit key pair) and stores the private key on the Command and Control Server. The public key is accessible on the host machine. Removal of the actual CryptoLocker application is fairly straightforward, but unfortunately, once the ransomware is removed, the files are still encrypted.

We have been working diligently over the past few days to come up with some preventative measures to help protect our customers. Available to download from our website is a FREE executable that will enact some safety measures to hopefully help mitigate the dangers of CryptoLocker. This application can be downloaded by joining the mailing list below. Once downloaded, simply double-click the executable file, follow the onscreen prompts and reboot.


If you need help protecting yourself against CryptoLocker or getting antivirus, anti-spyware, and anti-malware software installed on your computer, we are here to help you. Just drop us a line.