How to Recognize and Prevent the CryptoLocker Virus

It is referred to as “CryptoLocker Ransomware,” and it is a different type of virus that poses a new threat to Windows users in the United Kingdom. It takes your data hostage and tells you that it will give it back on the condition that you pay a ransom.

This virus is a perfect example of how computer viruses have changed. Computer viruses have been an issue for over 40 years. The first appeared in 1971 and was known as “Creeper.” Its purpose was simply to access a system and display the words, “I’m the Creeper, catch me if you can!” across the screen.

Creeper was a very harmless virus. Now, we are dealing with viruses that are much darker because of the information that we all have stored on our computers. These viruses are known as “ransomware,” a new class of Trojan horse that started popping up on PCs just a few years ago.

Is it something to be concerned about?

Absolutely! It sneaks onto your computer disguised as an email attachment. When it is cut loose in your machine, it encrypts the files on your computer. When the encryption process is complete, the virus deletes itself and tells the user that their data can be released if they pay a ransom. Paying the ransom will release a key that can be used to get the data back. This type of virus has been an issue since 2004, when it was noticed in Russia.

What Happens When Data is Held Ransom?

How do you recognize CryptoLocker Ransomware? If you fall victim to it, you will see a screen that says, “Your personal files are encrypted.” When you see that, it’s too late.

The virus will search for files on all drives. It will look for workgroup files that you may share with your colleagues, data on company servers, and anything it can touch. Even hot online backups can fall victim. Basically, the more privileged an account is, the worse the damage is going to be.

When the data mining process is completed, the money demand page will come up. Two of the accepted forms of payment are MoneyPak and Bitcoins. The money demand page warns the user that trying to delete the software will result in the destruction of the only key that will be able to decrypt the files. In the lower left-hand corner of the page, there is a counter that gives 72 hours to pay up.

Basically, removing the virus is useless, and shutting down the server that holds the key only results in the loss of the decryption tool. So if you are wondering how to remove CryptoLocker, that is something you won’t necessarily receive an answer for. Those who fall victim are given a simple piece of advice: pay up, or don’t pay up and lose the data. Knowing how to remove CryptoLocker hasn’t helped anyone who has found themselves in this situation.

How to Prevent CryptoLocker

Small and medium businesses tend to be the targets. This means that small and medium businesses need to know how to prevent CryptoLocker by being wary of attachments sent from unknown individuals. You should know who is sending you an attachment or that they will be sending you one. If you see that attachment icon, don’t open it. If in doubt, email the individual to see who they are, what they are sending, and why they are sending it. If you do not get a reply, don’t open it. If the reply seems suspicious, delete the email immediately.

You will also want to be wary of attachments sent to you over social media. If you do not know the sender, do not open the file. Even if you do know the sender, make sure that it is them sending it to you. If you ask them in a message what is in the attachment and they are not aware, their account could have been hacked in order to spread the CryptoLocker virus.

You also want to run full backups of your important data. It is best if you store the data off-site. You can store data off-site through cloud servers, such as Google Drive, Dropbox, SkyDrive, and others. You may even wish to consider an external drive that is used solely for backups and unplugged from the computer when you are finished with backups.

Virus prevention is very important and the eradication of viruses that can be removed is imperative. To learn about the solutions that Integra Network Services, LLC can provide you, call 508-482-5510 or fill out our contact form today.