Ask The Cyber Security Expert: What is Cryptolocker?

20:20 13 January in attack, Cyber security, hack

Recently the Cyber Security Expert has been asked a lot about a new and scary cyber threat, called Cryptolocker. Should you be worried? Should you smash your computers and resort to typewriters? Run screaming to the hills? Let's see what the expert thinks.

So what is Cryptolocker?

Cryptolocker is a piece of malicious software (jargon watch: malicious software is usually shortened to malware) that targets the users of computers running Windows. Rather than just being a nuisance Cryptolocker seeks to extort money from its victims.

How does it do this?

Cryptolocker uses something that we cyber security people are usually very keen on – encryption. Once it gets onto your computer Cryptolocker encrypts all your files, and demands payment to restore them.

Unfortunately for its victims Cryptolocker uses strong and effective encryption – it will not be possible to recover your files if you have been unlucky enough to encounter this unpleasant piece of software.

So should I pay up?

No. Paying extortionists is not a good idea, and there is no guarantee that you will get your files back even if you do pay.

What can I do about this?

Despite the extortion Cryptolocker is otherwise fairly unremarkable. It is a completely avoidable threat if you take some sensible precautions. Like a lot of malware, Cryptolocker arrives as an attachment to an email pretending to be something important – an invoice, or document from the bank. In reality the attachment is the first stage of the Cryptolocker infection.

Be paranoid about email. Emails like this work because they seem urgent – no one likes to be billed for something unexpected, or to have a problem with the bank. But take the time to verify, even if you do know the sender. It is actually very easy to spoof the source of email, so if you are even slightly suspicious contact the apparent sender and check they did send something to you.

Run antivirus, and keep it up-to-date. Cryptolocker is high profile, and will by now be detected by almost all antivirus products (certainly all reputable ones). If you host your own email, make sure you run an antivirus product on your mail server. If you use a hosting provider, make sure they do, and if not, move to a hosting package which does offer antivirus and antispam (most email providers will do this by default these days, though if you are on an older package you may need to upgrade. It is worth doing).

Back up important files, either to a separate physical disk, or to an online backup provider. Cloud services provide some protection, though anything that integrates seamlessly with your desktop (such as Dropbox) will also potentially be discovered and encrypted by Cryptolocker. Both Dropbox and Google Docs allow you to revert to older versions of your files, and hence would allow you to go back to a non-encrypted version – however not all services will provide such a feature.

As always, if you have questions please get in touch! Find us on Twitter, or use the contact form.

The Cyber Security Expert