Posted by: Ken Harthun
Cybercrime, Encryption, Malware, Security, Security best practice
CryptoLocker is a particularly nasty piece of malware that encrypts dozens of file types, including .doc, .xls, .ppt, .pst, .dwg, .rtf, .dbf, .psd, .raw, and .pdf, then demands you pay a “ransom” to get the key to unlock your data. If you see this pop-up on your PC, you’ve been infected:
They make it sound bad, don’t they? The truth is, there is probably no way to get your data back unless you risk paying the money to the criminals. Here’s what Windows Secrets has to say about it:
There are no patches to undo CryptoLocker and, as yet, there’s no clean-up tool — the only sure way to get your files back is to restore them from a backup.
Some users have paid the ransom and, surprisingly, were given the keys to their data. (Not completely surprising; returning encrypted files to their owners might encourage others to pay the ransom.) This is, obviously, a risky option. But if it’s the only way you might get your data restored, use a prepaid debit card — not your personal credit card. You don’t want to add the insult of identity theft to the injury of data loss.
That last part is very good advice, but you still risk losing your money and not getting your data back. How can you trust a criminal to keep their promise?
Your best strategy at this time is prevention. Antivirus software won’t catch CryptoLocker and limiting admin rights on your computer has no effect, either. To ensure that you will be able to recover your data, the most reliable method is frequent backups. Should CryptoLocker slam you, restoring your data from backup will save your bacon.
If you are running Windows XP Professional or higher, you can set Group Policy to prevent execution of the malware. If you are technically inclined and adventurous, BleepingComputer.com has a comprehensive guide to some things you can try that might help you recover data.