Beware of CryptoLocker Malware!

November 25, 2013

If all of your data files were suddenly unavailable, how much would you pay to get them back? Remember the story I told of A Failed Hard Drive and Importance of Backup a few months ago? That user gladly paid $3000 in hopes that a service could recover their data from a failed hard drive.

Criminals know your data is valuable to you and they are doing their best to hold it hostage until you pay them. If you pay within 72 hours, the cost may only be $300. After that deadline, the cost is somewhere around $3500. Of course that’s if the criminals are “honest” enough to release your data after they have been paid. What am I talking about? The CryptoLocker malware!

Are you vulnerable?

Yes, all Windows users are vulnerable! Will your security software protect you? It might. Obviously I encourage you to make sure you have downloaded and installed the latest updates for whatever you are using to protect your system. If you are unsure of your current solution, my choice is ZoneAlarm Security Suite. The key to avoiding CryptoLocker is being extra careful about the file attachments you open and the Web sites you visit.

How do I know the bad attachments?

The key here is that the criminals want to give you something that looks as legitimate as possible so that you will open the attachment and infect your system. I told you recently in Upgrade Your Phone Service and Save Money With RingCentral that we had switched our office phones to the RingCentral VOIP Service. So when I got an e-mail a few days ago telling me that a fax from RingCentral was attached, I gave the e-mail a look. I didn’t remember the fax e-mails coming to my address before, so it was odd. On closer inspection, this one was even more suspicious since it had a zip file attached instead of a PDF. Digging into the header of the e-mail showed it didn’t even come from RingCentral, and I immediately deleted the entire e-mail without opening the attachment.

You may receive similar e-mails from services or companies that may truly be providing a service to you. Of course an e-mail from RingCentral wouldn’t make sense if you weren’t their customer and I also receive many from well-known companies with whom I have no business relationship. The key is to look carefully at any e-mail with an attachment and make extra sure it is legitimate before you open the attachment. If it passes your eye test and you are still leery, contact the sender and ask if they indeed sent you the attachment. In this case, better safe than sorry!

Tip: One thing that can help you identify bad attachments is to make sure you Display File Extensions in Windows Explorer and Dialog Boxes. The criminals love that Windows hides file extensions by default and use that knowledge to trick you into thinking the file is legit.
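The checks described above (sender headers that don't match the claimed service, a zip where a PDF was expected, and a file name that hides its real extension) can be automated. This is an added example, not part of the original post; the domains, file names and extension lists are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}  # run on double-click
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}      # what the reader expects

def name_flags(filename):
    """Flag names that only look harmless while Windows hides the last extension."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 2 or parts[-1] not in RISKY:
        return []
    flags = [f"executable extension: {filename}"]
    if len(parts) == 3 and parts[-2] in DECOY:
        flags.append(f"decoy double extension: {filename}")
    return flags

def triage(raw_bytes, expected_domain):
    """Return reasons to distrust a message claiming to come from expected_domain."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    flags = []
    for hdr in ("From", "Return-Path"):
        dom = parseaddr(str(msg[hdr] or ""))[1].rpartition("@")[2].lower()
        if dom and dom != expected_domain and not dom.endswith("." + expected_domain):
            flags.append(f"{hdr} domain {dom} is not {expected_domain}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        flags += name_flags(name)
        if name.lower().endswith(".zip"):
            flags.append(f"zip attachment: {name}")
            try:  # list the names inside the archive without extracting anything
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    flags += [f for inner in zf.namelist() for f in name_flags(inner)]
            except zipfile.BadZipFile:
                flags.append(f"unreadable zip: {name}")
    return flags

def build_sample():  # constructed message: plausible From, foreign Return-Path, zipped .pdf.exe
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fax_message.pdf.exe", b"placeholder bytes, not a program")
    m = EmailMessage()
    m["From"] = "Fax Service <fax@faxservice.example>"
    m["Return-Path"] = "<bounce@bulk-sender.invalid>"
    m.set_content("You have received a new fax.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="fax.zip")
    return m.as_bytes()
```

Calling `triage(build_sample(), "faxservice.example")` reports the mismatched Return-Path, the zip attachment, and the `.pdf.exe` name inside it. A clean result is not proof that a message is safe.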

What will CryptoLocker do?

Once you have accidentally installed it by opening an infected attachment, it will search your hard drive and start encrypting files on both local and network drives. This is no ordinary encryption: it uses a 2048-bit RSA key (so strong even the NSA, CIA and FBI won’t be able to read your data). When your data is encrypted, you’ll get a message asking you to pay a ransom to receive the decryption key. If you don’t pay (supposedly around $300) within 72 hours, your key will supposedly be destroyed and your data will remain encrypted (and not accessible) forever. Just recently the criminals set up a site that allows you to upload an encrypted file and pay even more (supposedly around $3500) to have the system identify the key that will unlock your file.

Logic says you shouldn’t pay the criminals as it will only help them continue their evil operation. But if you don’t pay, your data is lost forever. Even if you pay, there is no guarantee the criminals will give you the key to unlock your data. So the best thing you can do is avoid getting CryptoLocker!

How do I get rid of it?

Most good security software should be able to remove CryptoLocker. OK, that will prevent it from doing any more damage. Yet it will do nothing to recover files that have been encrypted. Again, this is malware that you need to completely avoid!

Even users who are extremely cautious may get bitten by this one. The key is to be extremely cautious as that will make the chances of being infected very slim. In short, make sure you have quality security software that is constantly being updated and be skeptical about any e-mail that has an attachment, especially if it looks even remotely fishy.

Post Discussion


  1. Michael Ratner

    Ouch. Let me put my hand up.
    Firstly it only happens to other people. Same applies – why back up … don’t be such a wimp.
    And I ain’t no amateur at this.
    And yes, three weeks ago it got me. Exactly as you described.
    No problem, I’ll phone my really genius IT guy and he’ll get me out of this.
    Well I never paid the ransom and wish I had.
    Ha bloody Ha.
    Cost me $2,000 so far in reinstalling Windows and other executables for all the software. That took 4 days and go put a price on 12 years of hugely creative data.
    So trying to look on the bright side… I thought that it would be a good time to freshen up all the creative … Ha Ha again. From being very productive, I now sit here staring at two screens bemoaning my fate, and instead of producing revenue I’m re-creating.

    Talk of debilitating … this is it. Thank goodness my staff have barred me from knowing anything about MYOB which is the integrity of our business or I shudder to think.

    However I take some comfort in the fact that Cryptolocker is the most brilliant bit of fraud I have ever seen. I am amazed at its ingenuity and with all the good advice this surely has to affect a large percentage of the integrity of the internet. Yes, I for one do live in fear now and have become even less productive wasting time terrified of what to open.
    Half a solution is my IT guy has installed administrator privileges which means any executable attached to anything needs my approval.

    Have to go, can’t see the screen because I have teared up.




Foster D. Coburn III

Foster D. Coburn III is author of 13 best-selling books on CorelDRAW and has been a contributor to numerous technology and graphics-related magazines. Foster has taken many projects, including this Web site, from the early design stage through to a finished piece. He has been a featured speaker at many graphics conferences. His first Web site was built in 1995 and he has been working exclusively in WordPress since 2013.
