
Cryptolocker: what is it and why is it so evil?

June 1st, 2015

Martin

Cryptolocker is bucking the trend. While most reports will tell you that viruses are no longer the dominant threat to home computer and laptop users, Cryptolocker comes along and shows just how dangerous viruses can be.

A computer infected with the Cryptolocker virus has all its important documents encrypted. This means that the information in them is scrambled, and hidden from anyone who does not have the key or password.

In Cryptolocker’s case, you are locked out of your own documents, photos and videos.

And who has the key to unlock the encrypted files? Why, Cryptolocker’s creator of course! And he or she is not giving it to you for free.

In essence, you’ll be asked to pay a fee for the release of what’s rightfully yours.

I can’t quite emphasise enough how mad this makes me. Cryptolocker is quite possibly the most evil of all computer infections. It doesn’t wreck your computer; it doesn’t steal anything; it just sits there smugly showing you all the things you had just moments ago, and which the virus programmer could give you back if only you… hand over the cash.

It’s extortion, plain and simple.

How does Cryptolocker get onto my computer?

Cryptolocker uses the same sneaky ways of getting onto your PC or laptop as other viruses. You might download it from spam email (including email sent unintentionally by your friends). You might get it included with legal and not-so-legal downloaded files. It could come in Internet chat discussions or dodgy social media links. Another way is through Flash Player. Make sure you keep Flash Player (and other software) updated to minimise the risk. Go to Adobe’s website to check your Flash Player is up to date.

The only way to stop it is to be vigilant: watch what you’re doing online. Be paranoid. Keep everything updated (and keep reading).

How do I spot Cryptolocker?

I’m writing this post now because one of my customers became victim to it recently, so we know Cryptolocker, or a copy of it, is still doing the rounds out there.

In hindsight, it showed itself early on when the laptop it had infected became slow and unsteady. Downloads too became difficult. The whole computer was crawling to a halt.

This was because encrypting files is no easy task. Although the laptop was a pretty decent model, encrypting every file on the hard drive takes time and effort. The clever thing about Cryptolocker is that it does its evil deeds in the background, without telling you.

It makes encrypted copies of all your files in secret, and when it’s finished: bam – it deletes all the originals, with the encrypted copies put in their place.

And then you get the dreaded message, which looks a little like this:

Cryptolocker screenshot

Here’s one version of the message you’d see once your files have been encrypted.
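One way to check a folder for the effect described above, where documents are quietly replaced by encrypted copies. This is an added example, not part of the original post: it flags files that no longer start with the header their type normally has and whose contents look random. The file types, the 7.0 threshold and the sample files are assumptions chosen for illustration.

```python
import math
import os
import tempfile

# Leading bytes that intact files of these types normally start with.
MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff",
         ".png": b"\x89PNG", ".docx": b"PK\x03\x04"}

def entropy(data):
    """Shannon entropy in bits per byte (0 = constant, 8 = random-looking)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_encrypted(path, threshold=7.0, sample=65536):
    """True if a known document type has lost its header and looks random."""
    ext = os.path.splitext(path)[1].lower()
    magic = MAGIC.get(ext)
    if magic is None:
        return False  # unknown type: nothing to compare against
    with open(path, "rb") as f:
        data = f.read(sample)
    # Intact JPGs and DOCX files are compressed (high entropy) but keep
    # their header, so both conditions must hold before a file is flagged.
    return not data.startswith(magic) and entropy(data) > threshold

def scan(folder):
    """Return sorted relative paths of files under folder that look encrypted."""
    hits = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            full = os.path.join(root, name)
            if looks_encrypted(full):
                hits.append(os.path.relpath(full, folder))
    return sorted(hits)

def demo():
    """Constructed sample: one intact PDF, one 'PDF' filled with random bytes."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "intact.pdf"), "wb") as f:
            f.write(b"%PDF-1.4\n" + b"constructed sample text\n" * 200)
        with open(os.path.join(d, "scrambled.pdf"), "wb") as f:
            f.write(os.urandom(8192))
        return scan(d)
```

Running scan() on a documents folder and getting hits is a reason to switch the machine off and check the backups before anything else is overwritten.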

What can I do when I get Cryptolocker?

If you suspect Cryptolocker

If you’re lucky enough to spot your laptop or PC slowing down, and you’re worried it’s Cryptolocker on the way, turn off your laptop now and call me. I will:

  1. Scan the drive with a suite of powerful antivirus products, and with my own two eyes, and remove Cryptolocker if it is there.
  2. Whether it is there or not, I will back up your files to an external hard drive or other source of your choosing, scan them and examine them again, and keep them safe.
  3. Reboot your computer and perform some final security measures to minimise the chances of Cryptolocker surviving, or getting in in the first place. You’ll get a security audit whether you had Cryptolocker or not.

Either way, I will have removed Cryptolocker or any other virus which was on your PC, and made your computer much more secure in the long run. You’ll also have a backup, in case something goes wrong in the future.

If your PC or laptop falls victim to Cryptolocker in the next 30 days, you’ll get your money back from me, and you’ll still have that data backup.

Once you see the dreaded Cryptolocker message

At this point, I’m afraid your prospects are much worse. Your files are encrypted, and there is little chance of getting them back unless you have a backup or you pay the criminals.

You may have seen the Fox IT Decryptolocker website, which promises to decrypt your files for free. While this is a legitimate site, it only has access to the decryption keys for the initial 500,000 victims as of August 2014, so there is little point in sending your files there if you’re infected today.

Whatever the outcome, and whether you pay up or not, once you’re ready to banish Cryptolocker (and your chances of recovering your files) once and for all, do a System Restore and a virus scan with the antivirus software that’s on your PC already.

Even better, reinstall Windows, because this is one virus you really do not want on your computer again.

Can I prevent Cryptolocker getting on my PC in the first place?

Yes, you can. Here are my top tips to prevent Cryptolocker:

  1. Keep all your software up to date. This includes Java, Flash, your web browser, its plugins and add-ons, your email software (if you use a desktop program) and your anti-malware programs.
  2. Install an antivirus suite. I recommend Kaspersky Internet Security, which is affordable and passes comparison tests with flying colours. If you want something free, try Avast Free.
  3. Keep your antivirus programme’s virus definition files up to date. These are the files which help it tell a virus from a friendly programme.
  4. Be vigilant. When you open an email, is there something suspicious about it? Even if it’s from a friend, do the contents sound like them? Scan all attachments for viruses if your antivirus software offers it.

With these simple steps, Cryptolocker and a lot of other nasties can be kept away from your computer, your laptop, your precious files and your bank account.
