CryptoLocker Hijack Program
It is sometimes difficult to decide which virus is truly the worst. Apart from the rare virus that attacks your BIOS or underlying hardware, this one probably qualifies.
In an earlier post, I spoke about a thing called ransomware that installed itself on my neighbor's computer. Really nasty.
CryptoLocker is one step worse. It installs silently and then searches your computer for over 70 personal file types, including Office documents, PowerPoint presentations, images, music and just about anything else you can think of. Then it simply encrypts them with AES and other strong encryption. Typically it gives you 72 hours to pay a ransom of $100-$300; otherwise the encryption key is deleted from the computer and gone forever.
A red ransom notice then appears on your screen.
So how does this nasty piece of software attach itself to your computer?
Originally it arrived in fake emails that appeared to be customer-service messages from companies such as UPS and FedEx and carried attachments. When opened, the attachments infected the computer.
It may still arrive that way, but the following routes are used as well:
Exploit kits on hacked websites that take advantage of vulnerabilities on your computer to install the infection.
Through Trojans that pretend to be programs required to view online videos. Typically these are found on porn sites, but not always.
Through Zbot infections that arrive as what appear to be PDF attachments. If you look at the full file name, it has an .exe extension after the .pdf extension. Zbot is a specific type of malware that can be purchased; it is a Trojan horse.
The problem with paying the ransom is that you may or may not get a response from the creator of the malware, so you can be out both your money and your files. Most malware and anti-virus experts recommend that you don't pay the ransom. However, there is another option.
First you need to find out which files have been encrypted. CryptoLocker itself has a tool for that. However, there is an alternative.
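The two checks below are an added example written for this post, not a tool from the original article, from ZookaWare, or from CryptoLocker itself. It walks a folder and flags (a) files that use the double-extension trick described above, such as invoice.pdf.exe, which Windows Explorer shows as "invoice.pdf" when known extensions are hidden, and (b) documents whose leading bytes no longer match the format their extension promises, which is a quick way to find files that have had their contents replaced with ciphertext. The extension lists are an assumed subset, the file signatures are the standard ones for those formats, and the sample folder it builds is constructed for the demo (the ".exe" it creates is an inert placeholder, not a program).

```python
"""
Triage scanner for a suspected CryptoLocker-style incident (added example).

Check 1 - disguised executables: a document-looking extension followed by
          an executable extension, e.g. "invoice.pdf.exe".
Check 2 - likely-encrypted documents: the extension has a known file
          signature, but the first bytes of the file do not match it.
"""
import os
import tempfile
from pathlib import Path

# Extensions a user would expect to be harmless documents or media (assumed subset).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
                 ".jpg", ".jpeg", ".png", ".txt", ".zip"}
# Extensions Windows runs as programs or scripts when double-clicked (assumed subset).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Well-known leading bytes ("magic numbers") for the formats we can verify.
OLE_HEADER = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office (.doc/.xls/.ppt)
ZIP_HEADER = b"PK\x03\x04"                          # Office 2007+ files are ZIP containers
MAGIC = {
    ".pdf": [b"%PDF"],
    ".docx": [ZIP_HEADER], ".xlsx": [ZIP_HEADER], ".pptx": [ZIP_HEADER], ".zip": [ZIP_HEADER],
    ".doc": [OLE_HEADER], ".xls": [OLE_HEADER], ".ppt": [OLE_HEADER],
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
}


def is_disguised_executable(name):
    """True for names like 'report.pdf.exe': a document extension hiding an executable one."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DOCUMENT_EXTS)


def looks_encrypted(path):
    """True if the extension has a known signature and the file header does not match it."""
    sigs = MAGIC.get(Path(path).suffix.lower())
    if sigs is None:
        return False                      # no signature to compare against; stay silent
    try:
        with open(path, "rb") as f:
            head = f.read(16)
    except OSError:
        return False                      # unreadable file: cannot judge, so do not flag
    if not head:
        return False                      # empty file, nothing to compare
    return not any(head.startswith(s) for s in sigs)


def scan(root):
    """Walk `root` and return both kinds of findings as lists of full paths."""
    findings = {"disguised_executables": [], "likely_encrypted": []}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if is_disguised_executable(name):
                findings["disguised_executables"].append(full)
            elif looks_encrypted(full):
                findings["likely_encrypted"].append(full)
    return findings


def build_sample_tree(root):
    """Populate `root` with constructed sample files for the demo (no real malware)."""
    root = Path(root)
    (root / "clean.pdf").write_bytes(b"%PDF-1.4\n% a normal-looking pdf header")
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + bytes(32))
    # Two "documents" whose bytes no longer match their extension: stand-ins for ciphertext.
    (root / "budget.xlsx").write_bytes(bytes(range(256)))
    (root / "notes.pdf").write_bytes(b"\x8a\x1f\x44\xc0" + bytes(range(200)))
    # Classic double-extension lure; the content is an inert placeholder, not a program.
    (root / "invoice.pdf.exe").write_bytes(b"placeholder")
    (root / "README.txt").write_bytes(b"no signature is defined for txt, so never flagged")


def demo():
    """Run the scanner over the constructed tree and return the flagged base names."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        findings = scan(tmp)
        return {k: sorted(os.path.basename(p) for p in v) for k, v in findings.items()}


if __name__ == "__main__":
    print(demo())
```

Point `scan()` at a user's profile folder after the machine has been cleaned; anything in `likely_encrypted` is a candidate for restoring from a shadow copy or backup, and anything in `disguised_executables` is worth quarantining and checking with your anti-virus product. A header mismatch is a strong hint rather than proof, since a corrupt or mislabelled file trips the same check.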
Most importantly, is there any way at all to get my files back? Both yes and no. System Restore makes what are known as shadow copies of your files when it creates a restore point. The easiest way to get at these after you have removed the malware is a program called ShadowExplorer, which can be found here:
System restore must be enabled on your computer to use this.
If you do not have System Restore enabled on your computer or reliable backups, then you will either need to pay the ransom to get your files back or live with the fact that they are gone. Please note that there have been cases where people paid the ransom and the decryption did not work for whatever reason. Furthermore, if you do not pay the ransom within the allotted time, the CryptoLocker decryption tool is removed from your system, making it much more difficult, if not impossible, to restore your files.
For more of the best PC tips and tricks follow ZookaWare on Twitter.