CryptoLocker

What is CryptoLocker?

CryptoLocker is malicious software that encrypts your data files (Word, PowerPoint, pictures, music, videos, etc.). The nefarious individuals behind it then hold your data for ransom and try to extort money from you.

What computers are at risk?

All computers using Windows XP, Vista, 7, 8 and 8.1. This includes any Apple or Linux-based computers running Windows in a virtual environment like Boot Camp, Parallels or VMware.

What is encryption?

Encryption encodes your data so that only you and authorized people or authorized websites can read the data. Example – When you use a banking website that has “https” in the address bar, the information you transmit to and from that website is encrypted/encoded.

Why is it dangerous?

The encryption designed to safeguard your data is used against you when CryptoLocker infects your computer. Your data files are encrypted with a unique key that only the malicious people/hackers have access to. Encryption cannot be broken at this point in time without the key. When your data is encrypted and the key is lost, the data is essentially lost forever.

How can I protect my data?

  1. Back up your data to another location (network drive, external hard drive, cloud storage, etc.).
    1. Disconnect that drive when you are NOT backing up your data to it.
  2. Consider paying for an online backup solution such as Mozy or Carbonite.
  3. Disconnect all drives that you are not actively using (including network drives).

What if I think my computer is infected?

  1. Disconnect the computer immediately from ALL networks, wired or wireless.
  2. Restore from backup.
  3. If this is a college-owned computer, please contact the helpdesk at x4860.

How can I avoid the malware infection?

  1. Don't go to online porn sites, which are often the source of malware downloads.
  2. Take care when clicking on advertisements; never open Twitter links and attachments from people you don't know or trust.
  3. Personally owned computers:
    1. Download and run the CryptoPrevent tool - http://www.foolishIT.com/download/cryptoprevent/
    2. More info about that tool can be found here - http://www.foolishIT.com/vb6-projects/cryptoprevent/
  4. Do not download files from BitTorrent services. These files are often bundled with malware.
  5. Use safe web browsing habits - http://help.marietta.edu/safe-browsing-habits

How can I protect my computer?

  1. Make sure your operating system is up-to-date with the latest security patches - http://help.marietta.edu/securing-your-computer
  2. Install the latest versions of your internet browsers and update add-ons such as Java and Adobe Flash. Using a program like Secunia PSI to keep up with those updates is useful.
  3. Use Microsoft Security Essentials (free from Microsoft). Ensure that it is updated frequently. Configure it to scan your computer on a weekly basis.
    1. Personal computers - http://windows.microsoft.com/en-us/windows/security-essentials-download
    2. Marietta College owned work computers are supported by IT staff.
  4. Use MalwareBytes Pro.
    1. Personal computers - http://help.marietta.edu/malwarebytes $20 per computer (one-time fee, free 14-day trial)
    2. Marietta College owned work computers are supported by IT staff. The licensing for MalwareBytes Pro is not intended for institutional use.

Other sources of helpful information about CryptoLocker

  1. http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
  2. http://en.wikipedia.org/wiki/CryptoLocker
  3. Kaspersky Virus Removal Tool, available from the following page (requires a request form): http://www.kaspersky.com/free-virus-removal-tool
  4. Test tool from BleepingComputer, which checks your files to see if they have been encrypted: http://download.bleepingcomputer.com/grinler/ListCrilock.exe