No, it’s not a Halloween ghoul or goblin; it’s much worse than this! Cryptolocker is a new form of malicious ransomware. If Cryptolocker gains access to your PC, you risk losing all of your personal or business-related files, permanently. The ransomware is spread by phishing attacks that use infected emails and websites. Recently, security firms have reported a surge in the number of computers affected. This form of malware is rising fast, with commercial organisations as the primary target.

How Does Cryptolocker Work?

Cryptolocker encrypts your files using asymmetric encryption, which requires a public and a private key. The public key is used to encrypt and verify data, and the private key is used to decrypt. When Cryptolocker infects a computer via email, the email doesn’t appear in the junk email folder. The email appears genuine, with no spelling mistakes, and comes from a convincing email address. When the email is opened, the Cryptolocker software encrypts your data. A private key to unlock the data is stored on the cybercriminal’s server. In order to receive it, you must pay $300 USD to the cybercriminal within the instructed time limit. If the payment isn’t received within the time limit, the private key is destroyed, and your files are deleted forever.

While you can’t open, view, or read your files, cybercriminals with the decryption key can. Any of your documents containing personal information or passwords, along with your videos and photos, could be accessed by the cybercriminals. While there’s currently no evidence of encrypted files being uploaded or sold, it’s definitely a possibility.

What Files Are Commonly Targeted?

The targeted files are commonly found on most PCs; the targeted file extensions include:

accdb, 3fr, ai, arw, cdr, bay, cer, cr2, crt, crw, dbf, der, dcr, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

What To Do?

If you are infected, call Sydney Technology Solutions right away at (02) 8212 4722 and we can help you.  Do not pay any money.

Sometimes, it’s possible to recover previous versions of the encrypted files, simply by using System Restore or other recovery software. But if you haven’t got a reliable backup and your computer becomes infected with Cryptolocker, chances are, you’re never going to see your files again. In addition, if your backup device was connected to your computer, your files may not be recoverable. Similarly, all the files in shared network drives connected at the time of the infection could also become encrypted.  Always ensure you have a separate backup that is protected and disconnected from your network drive, so you can recover your data.
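The Python script below is an added example, not code from the original post: it checks whether every file with one of the targeted extensions listed above has a copy under a backup folder, and flags copies that are older than the source file. The function names, folder layout and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions copied from the list on this page.
TARGETED = set("""
accdb 3fr ai arw cdr bay cer cr2 crt crw dbf der dcr dng doc docm docx dwg dxf
dxg eps erf indd jpe jpg kdc mdb mdf mef mrw nef nrw odb odm odp ods odt orf
p12 p7b p7c pdd pef pem pfx ppt pptm pptx psd pst ptx r3d raf raw rtf rw2 rwl
srf srw wb2 wpd wps xlk xls xlsb xlsm xlsx
""".split())


def audit_backup(source_root, backup_root):
    """Return (missing, stale): targeted files with no backup copy, or an older one."""
    missing, stale = [], []
    for dirpath, _dirs, files in os.walk(source_root):
        for name in files:
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            if ext not in TARGETED:
                continue  # not on the targeted list, so out of scope here
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, source_root)
            dst = os.path.join(backup_root, rel)
            if not os.path.isfile(dst):
                missing.append(rel)
            elif os.path.getmtime(dst) < os.path.getmtime(src):
                stale.append(rel)
    return sorted(missing), sorted(stale)


def demo():
    """Audit a constructed source/backup pair built in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = os.path.join(tmp, "docs"), os.path.join(tmp, "backup")
        os.makedirs(os.path.join(src, "finance"))
        os.makedirs(os.path.join(bak, "finance"))
        # Constructed sample files: relative path -> whether a backup copy exists.
        files = {"finance/budget.XLSX": True, "report.docx": False,
                 "photo.jpg": True, "notes.txt": False}
        for rel, backed_up in files.items():
            for root in ([src, bak] if backed_up else [src]):
                with open(os.path.join(root, rel), "w") as fh:
                    fh.write("constructed sample")
        # Age the backup of photo.jpg so it predates the source copy.
        os.utime(os.path.join(bak, "photo.jpg"), (1_000_000_000,) * 2)
        return audit_backup(src, bak)


if __name__ == "__main__":
    print(demo())
```

A clean result only shows that copies exist and are current; it does not tell you whether the backup device is disconnected from the computer, which the paragraph above calls for.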

Plus, in order to be proactive, instead of reactive, use the following advice:

  • Keep Antivirus Software Active and Up to Date
  • Stay Patched by using Up-to-Date Operating Systems and Software
  • Avoid Opening Unexpected Attachments from Unknown Sources
  • Make Regular Backups Stored in Safe Places

Contact your IT Managed Services team at Sydney Technology Solutions for more information on how to protect your files from Cryptolocker and other malicious software. Call us today at (02) 8212 4722 or email us at [email protected].