What You Need to Know About Cryptolocker Ransomware

[Screenshot: Cryptolocker after infection]

Colorado PC Pro currently receives almost ten requests per week to remove various cryptolocker viruses from our client devices. Unfortunately, in most cases, there is not much that can be done, but you should still be informed of the ever-present danger and know how to avoid becoming infected in the first place.

What is Cryptolocker?

Cryptolocker, although it is the name of a popular encryption virus, has come to describe any virus that holds your files hostage until a ransom is paid. Typically, the ransom must be paid in Bitcoin to a specific address within a short amount of time. Ransom amounts are commonly fractions of a Bitcoin, but can reach 1 Bitcoin in many cases. As deadlines pass, the ransom cost continues to increase to put pressure on the victim to pay up. For reference, 1 Bitcoin is worth approximately $1,000 USD at the time of this writing. Obviously, that is not a small sum, and many regular people are forced to decide between paying the money and losing all of their precious files, including photos, financial documents, music, movies and much else.

How Does Cryptolocker Infect Its Victims?

The vast majority of infections in Southern Colorado have occurred after a user has opened an infected e-mail attachment. These attachments are typically Microsoft Excel (.xlsx) or Microsoft Word (.doc, .docx) files with special code called macros programmed in. When these attachments are opened and the user gives the macros permission to run, the virus begins encrypting every file it can find on the system before spreading to other computers on the network.

Yes, this means that one infected computer can effectively lock down all of the devices in your house, including desktops, laptops, external hard drives, thumb drives, or any other device used to store files. Clearly, this can be devastating.
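The macro-bearing attachments described above can be flagged before anyone opens them. The following is an added example, not code from Colorado PC Pro: a heuristic triage that looks inside an Office attachment for an embedded VBA macro project. The function name, verdict labels and sample files are assumptions made for illustration.

```python
import io
import os
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy .doc/.xls files
MACRO_FREE_EXTS = {".docx", ".xlsx", ".pptx"}     # formats not supposed to carry VBA

def triage_attachment(filename: str, data: bytes) -> str:
    """Heuristic verdict: 'macro', 'mismatch', 'legacy-ole',
    'no-macro-found' or 'unknown' (not an Office container)."""
    ext = os.path.splitext(filename)[1].lower()
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: may hold macros, needs a deeper scanner.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "unknown"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        ctypes = ""
        if "[Content_Types].xml" in names:
            ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    # Modern Office files store macros in a part named vbaProject.bin and
    # declare a macro-enabled or vbaProject content type.
    has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
    has_vba = has_vba or "macroenabled" in ctypes.lower() or "vbaproject" in ctypes.lower()
    if not has_vba:
        return "no-macro-found"
    # A macro project inside a file named .docx/.xlsx is an extension mismatch.
    return "mismatch" if ext in MACRO_FREE_EXTS else "macro"

def make_sample(with_macro: bool) -> bytes:
    """Build a constructed, harmless stand-in for an Office file in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()

if __name__ == "__main__":
    for name, blob in [("invoice.docx", make_sample(False)),
                       ("invoice.docm", make_sample(True)),
                       ("invoice.docx", make_sample(True)),
                       ("old.doc", OLE_MAGIC + b"\x00" * 16)]:
        print(name, "->", triage_attachment(name, blob))
```

A "no-macro-found" verdict only means this check found nothing; it does not replace an antivirus scan.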

[Image: Ransomware can appear to be a file from Microsoft]

How Can You Avoid Getting Infected?

Taking some simple steps designed to prevent infection from any virus can significantly increase your chances of keeping your data safe. Most importantly, do not open e-mails or e-mail attachments from untrusted sources. Sounds easy, right? It can be harder than it sounds to stay vigilant and protected.

Many hackers are aware of how to 'fool' your e-mail provider into thinking any e-mail is from someone else, so it is important to look at the sender, the content and the attachment of the message before opening any file. When in doubt, do not open any attachments without first contacting the person who sent it or scanning it with an antivirus program.

Many virus-containing e-mails claim to be from a company such as "Samsong" or "Appie," so be sure to check for typos in those e-mails before opening anything up! Bottom line: If you weren't expecting an attachment or you don't trust the source, don't open the e-mail OR the attachment!

Can Colorado PC Pro Remove Cryptolocker Viruses?

Unfortunately, almost all Cryptolocker viruses are impossible to resolve without paying the ransom. Since military-grade encryption is available to anyone with access to the Internet, clever uses of viruses have evolved into this ultimate scheme of extortion.

On a positive but decidedly not optimistic note, all known variations of the Cryptolocker virus stay true to their word and remove the encryption as soon as the ransom is paid. Is this an example of honor among thieves? More than likely not. Since your computer has already been infected, it is likely that the virus remains on your computer to be reactivated at a later date or to continue performing some other type of hack on your system.

[Screenshot: Another form of ransomware attempts to scare the user into paying up.]

What Should I Do Now That I've Been Infected?

You have two choices: pay the ransom or don't. If you pay the ransom, your files will be unlocked and you should contact us immediately to safely transfer your files to a backup source and remove all traces of the virus to prevent further victimization.

If you don't pay the ransom, fine. Maybe your files were not that important or you had a backup somewhere. Great, but you probably still need a computer, right? Colorado PC Pro can help you replace your contaminated hard drive and get you back up and running safely.

Of course, one of the best things you can do to protect your data is to keep a safe offline backup. With the dropping prices of hard drives, it is no longer cost-prohibitive to protect yourself from viruses such as Griffin, Locky and Cryptolocker.
