IT.ie Logo

CryptoLocker Ransomware. Your Files held to Ransom!

If you are unlucky enough to have been hit by the CryptoLocker ransomware virus, I’m afraid you’re not going to receive any solace from this article. In a nutshell, this software encrypts all office related documents and in some cases images on your desktop pc or laptop. Worse again, if you’re connected to an office shared drive, it will encrypt all the files there too. I’ve seen the destruction first hand and trust me I know when I’m beaten. After some exhaustive research across various well established tech forums, there doesn’t seem to be any known method of recovery other than actually paying the ransom money.  

Apparently, the encryption is created using a unique RSA-2048 public key. The decryption key is located on a secret server somewhere on the internet and there is a countdown on the infected machine which will let you know how long you have until this key will no longer be available. The clock is literally ticking from the moment you receive this ransomware.
My observations are as follows;

  • Do not remove this malware. Refer the matter to an IT Professional immediately. Removing it will most likely inhibit the ability to recover data.
  • If you have any form of backup, you need to act fast. You need to be careful that the backup is not overwritten with the newer encrypted files. If you’re lucky enough to have a backup in place, I would recommend that the pc be formatted for good measure. I’m not sure if the recommended removal techniques are adequate for malware as sophisticated as this.
  • There are variants doing the rounds. My fear is that this malware will come in lots of new forms and this may become much more commonplace. Free antivirus software is simply not good enough for situations like this. Seriously consider getting yourself a paid commercial standard antivirus product.
  • The machine I was working on today was infected because of the opening of an email attachment with the .ZIP extension. I would strongly encourage you to notifyreaffirm all staff members that under no circumstances are they to open attachments from unknown senders. In fact, I would recommend that attachments within any unsolicited emails be completely ignored. Especially attachments such as .ZIP, .RAR, etc. If you’re unsure, contact your IT representative.
  • Call us on (01) 8424114 for more information.

Share this post