Threat Check: Cryptolocker

Name: Cryptolocker
Danger: Very High
Targets: Businesses, Home Users
First Discovered: September 2013

What does it do?

Cryptolocker is still going strong a year after it was first discovered, and how it acts has not really changed since then.

When your computer becomes infected by the Cryptolocker virus, you may not even know it has happened. Your computer may start to work harder, making things appear to run slower for a few minutes, and then you get a popup similar to the picture above. At this point, it is already too late.

Cryptolocker has begun encrypting ALL of your usable files: Word documents, Excel documents, emails, photos, videos, music. The lot. From here, the attackers claim you have 72 hours to pay them a ransom of $100 to $2000 or they will make your files irrecoverable. DO NOT PAY THEM. Paying only gives them more reason to do it again.

If you see the box above on your computer TURN IT OFF IMMEDIATELY!!!

So what do I do now?

There are a few steps to take.

  • Turn off the computer! – I can’t say this enough. While the computer is not running, your files are not being encrypted.
  • Remove ALL attached devices – Unplug all your USB storage devices. Do not plug these into other computers, as they are likely to be infected.
  • Check your backups – No amount of work (besides paying the ransom) is going to get your files back for you. Check your backup drives (provided they were not connected to the computer at the time) to make sure you have all your files.

How to stop Cryptolocker

Once you have Cryptolocker, it is far too late. But if you catch it soon enough, you can prevent it from infecting you at all. There are a few complicated ways to block the virus from getting on your computer in the first place. The easiest way is to use the Cryptolocker Prevention Kit made by Third Tier.

The program is simple and completes all the complicated actions for you.

How to recover

This is the hardest part. Any encrypted files that are not backed up are gone. The Cryptolocker virus is also still on your computer, so starting it up to clean it is not recommended unless you have a FULL backup.

If you choose to, you can clean the computer by running a range of virus clean-up programs, or have an IT professional look at it for you. Just make sure you clean the WHOLE thing up or it will simply come back again.