What is it?

CryptoLocker is a type of malware known as ransomware. It’s not a new approach to malware; we discussed ransomware on this blog a few months back.

In fact, one of the earliest pieces of malware written specifically to make money, rather than simply to prove a point, was the AIDS Information Trojan of 1989. This was a type of ransomware.

That Trojan scrambled your hard disk after 90 days, and instructed you to send $378 to an accommodation address in Panama.

In a general sense, CryptoLocker encrypts your files so that you can’t read them, then offers to sell you the encryption key for a sum of money so you can “unlock” your files.


How do you get it?

The most common attack vector for CryptoLocker is email.  In the past few weeks I have seen it disguised as payroll information leaked from the HR department, company vehicle permission forms sent from the operations department, and bank statements sent from a number of banking institutions.

CryptoLocker authors are using many different types of email to distribute it.

To a lesser extent, it is also being spread to computers already infected with a Trojan.


How can you protect against it?

This malware infects quickly, so quickly in fact that some anti-virus products do not manage to stop it before it starts to encrypt files.

As anti-virus vendors get better at detecting and stopping this threat, your anti-virus will most likely keep you safe from it. Even so, you should always have the following in place to protect yourself against this and most other malware threats:

  • Make sure your files are backed up.  If your files get locked up by CryptoLocker, you can simply restore from backup.
  • If you are not 100% sure of the sender of an email, or you are not expecting an attachment from a person, do not open the attachment.  Email attachments are the most common attack vector.
  • Keep your anti-virus up to date.  As anti-virus vendors get better at stopping this threat, you will want to make sure your anti-virus is being updated by them so you are as protected as possible.