What is it?
CryptoLocker is a type of malware known as ransomware. It’s not a new approach to malware; we discussed ransomware on this blog a few months back.
In fact, one of the earliest pieces of malware written specifically to make money, rather than simply to prove a point, was the AIDS Information Trojan of 1989. This was a type of ransomware.
That Trojan scrambled your hard disk after 90 days, and instructed you to send $378 to an accommodation address in Panama.
In a general sense, CryptoLocker encrypts your files so that you can’t read them, then offers to sell you the encryption key back for a sum of money so you can “unlock” your files.
How do you get it?
The most common attack vector for CryptoLocker is email. In the past few weeks I have seen it disguised as payroll information leaked from the HR department, company vehicle permission forms sent from the operations department, and bank statements sent from a number of banking institutions.
CryptoLocker authors are using many different types of email to distribute their stuff.
To a lesser extent, it is also being spread to computers already infected with a Trojan.
How can you protect against it?
This malware is fast to infect; so fast, in fact, that some anti-virus products do not manage to stop it before it starts to encrypt files.
As anti-virus vendors get better at detecting and stopping this threat, your anti-virus will most likely keep you safe from it, but you should always have the following things in place to protect yourself against this and most other malware threats:
- Make sure your files are backed up. If your files get locked up by CryptoLocker, you can simply restore from backup.
- If you are not 100% sure of the sender of an email, or you are not expecting an attachment from a person, do not open the attachment. Email attachments are the most common attack vector.
- Keep your anti-virus up to date. As anti-virus vendors get better at stopping this threat, you will want to make sure your anti-virus is being updated by them so you are as protected as possible.