New Malware Encrypts Your Files For Ransom

I just learned about a new ransomware package that is going around called CryptoLocker.  Once installed on a system, this piece of malware will immediately begin to encrypt all of the personal files using a high-level encryption algorithm, with a private key needed for decryption.  The private key, according to the software, is stored on a private server somewhere.  The only way to obtain your private decryption key and get your data back is to pay a $300 ransom within 72 hours.  There is a countdown on the left side of the window.  After 72 hours, your private key is destroyed on the server. There is also a warning not to tamper with or remove the software, as your key will be immediately destroyed.

There have been ransomware packages in the past which have done similar things.  However, I believe in most cases you can find an unlocker utility that will decrypt and unlock all of your files after you have gotten the malware removed.  But this one is not that simple, and no unlocking tool exists yet since the private key in each scenario is different.

If you get hit with this virus, there is, unfortunately, not much you can do in the way of unlocking your already encrypted files.  So your only alternative is going to be to look to your backups.

Most off-site backups, such as Carbonite, offer 30-day retention.  What this means is that a file on your PC will be backed up for 30 days.  But after 30 days, the file will be removed and replaced by newer versions.  This means that if your data becomes encrypted and you don’t do anything about it for more than 30 days, then all of your files backed up off-site will be encrypted just like the files on your computer.

You could also be using a local backup, such as Windows Backup, Acronis or something similar.  These programs will back up to an external hard drive or a network drive.  Unfortunately, the virus will most likely have already crawled through these backup files as well, and you may be out of luck there.

This is where I will recommend CrashPlan (http://www.crashplan.com).  CrashPlan is an off-site backup that, by default, will retain files forever.  With this set up before you get infected, you would be able to recover unencrypted copies of your files from a date before the infection.  CrashPlan is very affordable and includes plans for 1 PC or multiple PCs.  Regardless of how many PCs, you definitely want to have one of the unlimited plans so that you can take advantage of the “forever backups”.

You could also set up a local backup using Acronis or Windows Backup or some other software and back up to an external hard drive.  But you want to be sure this drive is not connected to the computer except when backing up.  This would be called a “cold storage” backup because the storage device is not normally connected to the computer.  With this backup process in place, you could use your “cold storage” backup to restore unencrypted files.

Unfortunately, as of this time, those would be your two options for recovering from this infection.  So hopefully if you don’t already have a fail-safe backup in place, you’ll consider one of my recommended backup solutions.
