If all of your data files were suddenly unavailable, how much would you pay to get them back? Remember the story I told of A Failed Hard Drive and Importance of Backup a few months ago? That user gladly paid $3000 in hopes that a service could recover their data from a failed hard drive.
Criminals know your data is valuable to you and they are doing their best to hold it hostage until you pay them. If you pay within 72 hours, the cost may only be $300. After that deadline, the cost is somewhere around $3500. Of course that’s if the criminals are “honest” enough to release your data after they have been paid. What am I talking about? The CryptoLocker malware!
Are you vulnerable?
Yes, all Windows users are vulnerable! Will your security software protect you? It might. Obviously I encourage you to make sure you have downloaded and installed the latest updates for whatever you are using to protect your system. If you are unsure of your current solution, my choice is ZoneAlarm Security Suite. The key to avoiding CryptoLocker is being extra careful about the file attachments you open and the Web sites you visit.
How do I know the bad attachments?
The key here is the criminals want to give you something that looks as legitimate as possible so that you will open the attachment and infect your system. I told you recently in Upgrade Your Phone Service and Save Money With RingCentral that we had switched our office phones to the RingCentral VOIP Service. So when I got an e-mail a few days ago telling me that a fax from RingCentral was attached, I gave the e-mail a look. I didn’t remember the fax e-mails coming to my address before, so it was odd. On closer inspection, this one was even more suspicious since it had a zip file attached instead of a PDF. Digging into the header of the e-mail showed it didn’t even come from RingCentral, and I immediately deleted the entire e-mail without opening the attachment.
You may receive similar e-mails from services or companies that may truly be providing a service to you. Of course an e-mail from RingCentral wouldn’t make sense if you weren’t their customer and I also receive many from well-known companies with whom I have no business relationship. The key is to look carefully at any e-mail with an attachment and make extra sure it is legitimate before you open the attachment. If it passes your eye test and you are still leery, contact the sender and ask if they indeed sent you the attachment. In this case, better safe than sorry!
Tip: One thing that can help you identify bad attachments is to make sure you Display File Extensions in Windows Explorer and Dialog Boxes. The criminals love that Windows hides file extensions by default and use that knowledge to trick you into thinking the file is legit.
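The two checks described above (does the header match the company the e-mail claims to be from, and is the attachment an archive or a program dressed up as a document) can also be scripted. The Python sketch below is an added example, not part of the original article; the function names, the extension lists, and every address, domain and file name in it are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# File types Windows runs on double-click, and archives that can conceal them.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
ARCHIVE_EXTS = {".zip", ".rar", ".7z"}

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review_message(raw_bytes, expected_domain):
    """Return reasons to distrust a message; an empty list means nothing was flagged."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    from_dom, path_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if from_dom != expected_domain and not from_dom.endswith("." + expected_domain):
        reasons.append(f"From domain '{from_dom}' is not {expected_domain}")
    # Heuristic only: some legitimate bulk senders also use a separate bounce domain.
    if path_dom and path_dom != from_dom:
        reasons.append(f"Return-Path domain '{path_dom}' differs from From")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        stem, dot, ext = name.rpartition(".")
        ext = dot + ext if dot else ""
        if ext in ARCHIVE_EXTS:
            reasons.append(f"archive attachment '{name}' hides its contents")
        if ext in EXECUTABLE_EXTS:
            reasons.append(f"executable attachment '{name}'")
            if "." in stem:  # e.g. report.pdf.exe is displayed as report.pdf
                reasons.append(f"'{name}' shows as '{stem}' with extensions hidden")
    return reasons

def build_sample(sender, return_path, filename):
    """Constructed test message; all addresses and file names are made up."""
    m = EmailMessage()
    m["From"] = sender
    if return_path:
        m["Return-Path"] = return_path
    m.set_content("Your fax is attached.")
    m.add_attachment(b"sample", maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample("Fax Service <fax@mailer.example.net>", "<bounce@other.example.org>", "fax_0001.zip")
    print("\n".join(review_message(raw, "example.com")))
```

An empty result only means none of these simple checks fired; it does not prove the attachment is safe.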
What will CryptoLocker do?
Once you have accidentally installed it by opening an infected attachment, it will search your hard drive and start encrypting files on both local and network drives. This is no ordinary encryption: it uses a 2048-bit RSA key (so strong even the NSA, CIA and FBI won’t be able to read your data). When your data is encrypted, you’ll get a message asking you to pay a ransom to receive the decryption key. If you don’t pay (supposedly around $300) within 72 hours, your key will supposedly be destroyed and your data will remain encrypted (and not accessible) forever. Just recently the criminals set up a site that allows you to upload an encrypted file and pay even more (supposedly around $3500) to have the system identify the key that will unlock your file.
Logic says you shouldn’t pay the criminals as it will only help them continue their evil operation. But if you don’t pay, your data is lost forever. Even if you pay, there is no guarantee the criminals will give you the key to unlock your data. So the best thing you can do is avoid getting CryptoLocker!
How do I get rid of it?
Most good security software should be able to remove CryptoLocker. Removing it will prevent it from doing any more damage, but it will do nothing to recover files that have already been encrypted. Again, this is malware that you need to completely avoid!
Even users who are extremely cautious may get bitten by this one. The key is to be extremely cautious as that will make the chances of being infected very slim. In short, make sure you have quality security software that is constantly being updated and be skeptical about any e-mail that has an attachment, especially if it looks even remotely fishy.