If you’ve recently logged on to your computer, only to find all of your personal files encrypted and being held quite literally for ransom, you may have been victimized by the CryptoLocker ransomware virus or a similar piece of malware.
Unfortunately, dealing with ransomware isn’t an easy task.
The best course of action is to prevent your computer from becoming infected in the first place.
This guide explains how to prevent ransomware attacks like CryptoLocker from compromising your files and, if it’s already too late, offers a few tips on how you can try to recover your files after an attack without paying the hackers.
What is CryptoLocker Ransomware?
In late 2013, Windows users all over the world reported not being able to open any of the files on their computer.
Instead of their usual desktop background, they saw a bright red screen with a blue-checkered shield.
A frantic message on the screen read: “Your personal files are encrypted!”
Further instructions explained that the user’s files could only be accessed with a private key that was hidden on a secret server on the Internet. The only way to access this key?
This kind of malware is called “ransomware,” because it effectively holds your personal data hostage until you’ve paid the hackers some amount of money.
The CryptoLocker malware, known as a Trojan because it disguises itself as harmless .doc and .pdf email attachments, infiltrates a user’s computer and crawls its entire network for files to encrypt, including on shared drives, USB drives, and more.
The encryption method and key are considered (nearly) unbreakable.
Impacted users typically have 72 hours to pay a ransom of around $300 for access to the private key, which decrypts the files. In some cases, the payment amount goes up after the initial timer runs out. In others, the key is simply destroyed and the files are lost forever.
CryptoLocker had a prolific run for nearly a year before being shut down by a U.S. Department of Justice investigation. Some reports estimate the hackers involved cleared over $3 million in extortions.
Though CryptoLocker itself is no longer active, the malware campaign spawned plenty of clones and copycats over the years including Locky, CryptoDefense, SamSam, and many more.
3 Easy Ways to Protect Against CryptoLocker and Other Ransomware
In most cases, the encryption methods used by ransomware like CryptoLocker are extraordinarily difficult to break.
In other words, once your files are affected, getting them back without paying the ransom can be almost impossible.
Preventing an attack, however, is pretty straightforward.
Here are a few defense tips you can use right now to make sure your files stay safe:
1. Always keep “cold” backups of your data and important files
Local and cloud-based backups of your most important and sensitive files are always important.
But if your backups are connected to your computer or server in any way, they could still be vulnerable to permanent encryption during a ransomware attack.
If you have sensitive or important files on your network or computer, consider backing them up periodically to a separate hard drive or disk that isn’t connected to your network.
2. Never download email attachments from unknown senders
Malware like CryptoLocker often acts as a Trojan, meaning it can easily be disguised as a simple Word document or PDF, using a hidden extension (like .exe) that you can’t see in an email preview.
The CryptoLocker ransomware attack, for example, tricks people into downloading a supposed “invoice” for a bill that’s overdue.
Many email providers, including Outlook, now have built-in protections that block .exe attachments and other executables that might contain malware. But, according to Microsoft, other forms of ransomware function by hiding malicious macros in innocent-looking Word documents.
The safest solution is to never download an attachment unless you know exactly what it is and who it’s from.
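An added example (not part of the original article): a small Python check that a mail filter or help desk could run over attachment filenames to catch the disguise described above, where an executable extension hides behind a document one, and to flag macro-enabled Office files for review. The extension lists and sample filenames are constructed assumptions, not a complete set.

```python
import os

# Assumed, non-exhaustive lists for illustration.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg"}
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".pptm"}  # Office formats that may carry macros


def classify_attachment(filename):
    """Return (verdict, reason); verdict is 'block', 'review' or 'allow'."""
    # Keep only the file name, normalise case, and drop trailing dots/spaces.
    name = os.path.basename(filename.replace("\\", "/")).lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    # The extension the user thinks they see, ignoring padding before the real one.
    inner_ext = os.path.splitext(stem.rstrip(". "))[1]

    if ext in EXECUTABLE_EXTS:
        if inner_ext in DOCUMENT_EXTS:
            return "block", f"executable ({ext}) disguised as {inner_ext}"
        return "block", f"executable attachment ({ext})"
    if ext in MACRO_EXTS:
        return "review", f"macro-enabled Office file ({ext})"
    # Legacy .doc/.xls can also hold macros; the name alone cannot tell, so
    # those still need content scanning by the mail gateway or antivirus.
    return "allow", "no executable or macro-enabled extension"


def screen(filenames):
    """Map each filename to its verdict."""
    return {f: classify_attachment(f)[0] for f in filenames}


# Constructed sample attachment names.
SAMPLE_ATTACHMENTS = [
    "Invoice_overdue.pdf.exe",
    "Invoice.PDF      .scr",
    "timesheet.docm",
    "holiday_photo.jpg",
    "quarterly_report.docx",
]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        verdict, reason = classify_attachment(name)
        print(f"{verdict:6}  {name!r}: {reason}")
```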
3. Use recommended antivirus software (and keep it up to date)
It’s imperative that you use some kind of anti-malware protection on your computer, especially if you have important or sensitive files stored on your network.
But just installing it once isn’t enough. Be sure to run updates as they become available and keep your antivirus up to date.
Most good antivirus software will be frequently updated to detect the latest attacks like CryptoLocker, Locky, and others, though it may be vulnerable to new and unknown versions of ransomware.
An antivirus won’t be able to decrypt your files for you after an infection, but in many cases it will detect and remove the malware before it gets too far and encrypts all of your data.
How to Remove CryptoLocker or Other Ransomware After Your Files Are Compromised
What happens if you slipped up and downloaded a shady email attachment, and now you can’t access any of your files?
Getting them back might be tricky, but there are a few things you can try.
1. Disconnect your computer from the network
If you share a network with the rest of your office or even your family at home, you’ll want to keep the ransomware isolated to your computer alone.
Disable your Internet connection as soon as you know your computer is infected and remove any external drives.
2. Use your antivirus software to wipe the malware off of your machine
Ransomware usually isn’t that difficult to get rid of. In fact, sometimes just restarting your computer will disable the ransomware entirely.
(Though it won’t decrypt your files.)
The safest thing to do is run a scan and removal using your antivirus to purge any trace of the virus from your computer.
3. See if a decryption program is available for you to access your files
There are tons of malware experts and white-hat hackers working hard to fight against the rising trend of ransomware.
Visit No More Ransom and see if a decryption key has been created yet for the strain of malware that has attacked your computer.
If you’re not sure what ransomware you’ve been hit by, No More Ransom has a tool called Crypto Sheriff that can sometimes identify the virus by examining one of your encrypted files.
4. Should you pay the ransom?
Chances are, once you’ve been hit by ransomware, you won’t be able to get your files back.
If you’re lucky, there may be a decryption key out there that works, or you may be able to recover the deleted original files with help from an IT expert, but in most cases, the encryption is unbreakable.
If your files are really important or sensitive, you might wonder if it’s worth it to simply pay the ransom.
It’s up to you, but know that there’s no guarantee your files will be released or that you won’t simply be extorted for more money by the hackers.
Err on the Side of Prevention
Once attacked by ransomware, it can be really difficult to regain access to your files. In a lot of cases, you simply won’t be able to without paying the ransom.
Most experts advise against paying the ransom because there’s no guarantee the hackers will release the decryption key, plus paying them only encourages them to keep the scam going.
The best thing is to protect your computer against attacks like these by frequently updating your antivirus, running regular scans, and never opening emails or attachments from unknown senders.