Last week I presented a class to the Homebuilders Association of South Georgia on Cyber Security and Identity Theft Prevention.
One thing we talked about was the CryptoLocker ransomware trojan. Hackers use CryptoLocker to hijack computers and hold your data for ransom. Once it is installed, it encrypts all of your data, making it impossible for you to view or access your files. The only way you can get your documents, photos and other important files back is if you have the key the hacker used to encrypt your data. You can get this key…for a price. In examples we have seen, the user has 4 days to pay $300 to get the key. After that, the price may double or triple for a few more hours, and then your files are destroyed.
Paying the ransom for a CryptoLocker attack should be your very last resort. By paying the ransom, you are supporting a criminal enterprise and helping it flourish.
How to Avoid CryptoLocker in the First Place
- Back up your files. If you have a good backup system in place (we recommend image-based backups), you can restore your files in a matter of minutes. You can create a fresh, uninfected installation of Windows with all of your updated files.
- Never open email attachments from senders you do not know.
- Disable hidden file extensions. A file disguised as a PDF or an image might actually be an executable CryptoLocker file. Once Windows is set to show file extensions instead of hiding them, you can identify these executable files by the extension .exe. Unless it’s a program you wish to install on your computer, do not open files with the extension .exe.
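The last tip can be applied from PowerShell on Windows. The script below is an added example, not part of the original class material: it turns off extension hiding for the current user and lists files in the Downloads folder whose name looks like a document but whose real extension is executable. The function name Test-DisguisedExecutable, the two extension lists and the choice of the Downloads folder are assumptions made for illustration.

```powershell
# Added example: show real file extensions in Explorer, then list disguised executables.
# Assumptions: current user's profile; Downloads is the folder worth checking.

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# HideFileExt = 0 makes Explorer show extensions for known file types.
# With the Windows default of 1, "invoice.pdf.exe" is displayed as "invoice.pdf".
# Explorer windows that are already open may need a refresh to pick this up.
Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
$runnable = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs'
# Document and image extensions that make a file name look harmless (illustrative).
$decoy = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.jpg', '.png', '.zip', '.txt'

function Test-DisguisedExecutable {
    param([Parameter(Mandatory)][string]$Name)

    # The real extension is whatever follows the last dot.
    $real = [System.IO.Path]::GetExtension($Name).ToLowerInvariant()
    if ($runnable -notcontains $real) { return $false }

    # What Explorer displays when extensions are hidden: the name minus the real extension.
    $shown = [System.IO.Path]::GetFileNameWithoutExtension($Name)

    # If the displayed name itself ends in a document extension, the file is disguised.
    # Trailing spaces before the real extension are ignored.
    $fake = [System.IO.Path]::GetExtension($shown.TrimEnd()).ToLowerInvariant()
    return ($decoy -contains $fake)
}

# Constructed sample names, to show what the check flags and what it leaves alone.
'invoice.pdf.exe', 'holiday.jpg', 'setup.exe' | ForEach-Object {
    '{0} -> disguised: {1}' -f $_, (Test-DisguisedExecutable $_)
}

# Scan the current user's Downloads folder and report any matches.
$folder = Join-Path $env:USERPROFILE 'Downloads'
Get-ChildItem -Path $folder -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { Test-DisguisedExecutable $_.Name } |
    Select-Object FullName, Length, LastWriteTime
```

A file reported by the scan should be deleted or handed to your IT provider, not opened.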
What to Do If You Are Infected with CryptoLocker
If you see a screen that looks like this, you are infected.
The first thing you should do is unplug your computer right away. It takes time for all of your files to be encrypted. If your computer is unplugged, you can save some (or most) of the files from being encrypted.
Then, you should bring your PC to a trusted computer consultant or IT provider who will help you retrieve your files or restore from a recent backup.