
Tips to avoid being bit by CryptoLocker (and what to do if you are)

Kim Crawley | Dec. 4, 2013
InfoSec Institute's Kim Crawley details CryptoLocker, the latest in scareware, and offers suggestions for avoiding infection.

When malware is transmitted the way CryptoLocker is, someone who knows more about security than a typical user can notice that something's up. But one of the clever things CryptoLocker does, assuming it holds true for everyone, is that it really does decrypt the files and remove itself once the user pays the ransom of over $600.00 worth of Bitcoins. So users can tell people, in person and online, "Pay them! It worked for me!"

The only way to directly decrypt CryptoLocker's AES and RSA encryption is either to have a supercomputer or computing cluster run a specialized cracking program for several weeks, or to actually have the decryption keys that the CryptoLocker folks hold. We're still looking for the computers that they use.

If you get infected with CryptoLocker, there are still alternatives to offering those crooks their ransom, and I strongly advise you not to give them money. If you're a smart PC user, the contents of the infected hard disk partition that is being encrypted will have at least one uninfected back-up. It could be internal, like another disk in a RAID configuration; external, like a USB, eSATA or FireWire connected external hard disk; or online, on a web-based back-up service, which is often referred to as a "cloud" back-up. I use Dropbox and Google Drive to back up my many documents and media files, but there are other, paid services that back up actual hard disk partitions, including those that contain operating systems. If you use a web-based back-up, you should also have an alternative form of back-up on something that's physically in your control, like an internal disk, an external disk, DVDs, or USB flash drives. As trustworthy as Dropbox, Google and other third parties may be, what would you do if you had internet connection problems, or if one of those services lost your data or went down? That sort of thing has happened, even with services people have paid good money for.
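Before restoring from a back-up, it helps to confirm which files on the live disk no longer match the back-up copy and which files the back-up is missing. The script below is an added example, not from the article or from any tool it mentions; it hashes both trees and reports the differences, using a constructed sample folder in which one file has been overwritten with ciphertext-like bytes.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative_path: sha256 hex} for every regular file under root."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_trees(live, backup):
    """Classify files by comparing the two digest maps.

    'changed' files differ in content (on a CryptoLocker-hit disk, these are the
    candidates for restore), 'missing_in_backup' files exist only on the live
    disk, and 'only_in_backup' files have been removed from the live disk."""
    return {
        "changed": sorted(p for p in live if p in backup and live[p] != backup[p]),
        "missing_in_backup": sorted(p for p in live if p not in backup),
        "only_in_backup": sorted(p for p in backup if p not in live),
    }


def demo():
    """Constructed sample: a live folder whose report was overwritten with
    encrypted-looking bytes, and a back-up that still holds the original."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for d in (live, backup):
            d.mkdir()
            (d / "notes.txt").write_text("quarterly notes\n")
        (backup / "report.docx").write_bytes(b"original report contents")
        # Stand-in for a file CryptoLocker has encrypted: arbitrary binary content.
        (live / "report.docx").write_bytes(bytes(range(256)))
        (live / "new.txt").write_text("created after the last back-up\n")
        return compare_trees(hash_tree(live), hash_tree(backup))


if __name__ == "__main__":
    print(demo())
```

Run it against your real directories by calling `compare_trees(hash_tree(live_dir), hash_tree(backup_dir))`; files listed under "changed" are the ones to restore from the back-up.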

With your back-up in place and restorable, get rid of the CryptoLocker malware. Make sure your AV program has its most recent signatures, then use it to run a scan. Only stay connected to the internet long enough to download new signatures, because CryptoLocker keeps encrypting while you're online, and stops encrypting when you're offline. CryptoLocker has even been known to encrypt while transmitting data online before you've even logged into a user account.

After running your AV shield's scan, you'll probably want to run other removal programs. As with your AV shield, stay online only as long as it takes to download the programs. You'll probably want to boot Windows into safe mode before you run the programs. You can boot into safe mode either by hitting F8 while booting or rebooting Windows or, while booted into Windows, running msconfig to change boot settings. Msconfig can be launched by entering the exact name of the program ("msconfig") via run or cmd.exe. Check the associated checkboxes for safe mode, then reboot.
