Protect Against CryptoLocker


October 15th, 2013 by Christopher C. Wright


Encryption is a wonderful tool — it allows you to communicate securely with your bank online, protect private emails, and store personal data without fear that others will gain access to it. Unfortunately, encryption is only a benefit if the hidden material can be decrypted or returned to a usable state. One of the nastiest new viruses on the internet today uses encryption to lock you out of your own files, demanding money to unlock them.

This truly malicious piece of software, called CryptoLocker, is a virus spread through shared network files and email attachments. It scans your network for document, financial, and other business-related files and encrypts them, preventing you from accessing them. It then pops up a window demanding payment if you wish to have your files unlocked. Due to the strength of the encryption used, and the robustness of the virus, there is simply no way to recover your files once they have been locked unless you pay the ransom.

Do not worry however, for there is hope. Today we are giving our clients advice on how to prevent getting infected in the first place, and what to do if their files are held for ransom by this crippling malware.

Fraudulent Emails

Mail servers across the globe have seen a sharp rise in emails pretending to be from banks, UPS, PayPal, HP, and other transportation, financial, and technological giants, suggesting that there is an invoice, an undelivered package, or an account authorization in process. Each of these emails contains an attachment that is difficult for antivirus programs to scan — a PDF hidden inside a ZIP. If you open the ZIP attachment and then view the PDF inside, the virus will try to exploit known flaws in the PDF file format to take control of your system and begin locking your files.
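The point above is that a document wrapped in a ZIP slips past a scanner that only looks at the outer attachment. The following is an added example (not from the original post) of a mail-gateway check that opens each ZIP attachment, flags the document-inside-archive pattern, and reports when a file named .pdf does not actually start with the PDF signature; the sample message, sender address and inner file bytes are constructed for this example.

```python
import email.policy
import io
import zipfile
from email.message import EmailMessage

# Document extensions and the magic bytes a genuine file of that type starts with.
DOC_MAGIC = {".pdf": b"%PDF", ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0"}
ZIP_MAGIC = b"PK\x03\x04"

def inspect_zip_attachment(data: bytes) -> list[str]:
    """Open a ZIP attachment and report what a gateway scanner may otherwise miss."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            with zf.open(info) as fh:
                head = fh.read(8)
            if ext in DOC_MAGIC:
                # A document delivered inside an archive is itself the lure pattern.
                findings.append(f"document inside archive: {name}")
                if not head.startswith(DOC_MAGIC[ext]):
                    findings.append(f"extension/content mismatch: {name}")
            if head.startswith(ZIP_MAGIC):
                findings.append(f"nested archive: {name}")
    return findings

def scan_message(raw: bytes) -> list[str]:
    """Walk every attachment of a raw message and inspect the ZIPs."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(ZIP_MAGIC):
            findings.extend(inspect_zip_attachment(payload))
    return findings

def build_sample_message() -> bytes:
    """Constructed lure: a fake invoice mail whose 'invoice.pdf' is not a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60)  # made-up bytes
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return bytes(msg)
```

Running `scan_message(build_sample_message())` returns two findings for the constructed mail: the document-inside-archive hit and the extension/content mismatch on invoice.pdf.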

Our advice to our clients, friends, and colleagues is to delete all suspicious emails without opening any attachments. Financial firms, transport companies, and technology firms will never send you information packaged in this way. If you believe an email like this may be valid, do not click any links inside the email but rather call the company directly and ask if there is information waiting for you. We all but guarantee that they will alert you to the scam and will similarly recommend deleting the email.

While some mail providers are able to stop many of these malicious emails in what is called a “Graymail” system, we urge our clients not to release mails from these institutions into their mailbox, no matter how tempting. Your ISP has already determined that these emails are fraudulent, and this should give extra pause. This fact is so important it bears repeating: do not open these emails!

I am being asked for Payment

If you see an encryption warning message like that shown here, there is yet good news: we always encourage our clients to keep current and reliable backups of their files, especially their important documents and business-specific databases, the likes of which CryptoLocker targets.

Once a qualified technician has removed CryptoLocker from your system and scanned the network for additional or potential infections, the only method to recover your files is to restore from a recent backup. It is for this precise situation, among others, that we always recommend keeping backups handy and up-to-date; creating a policy to do so will spare you much of the headache and frustration of what may otherwise be an untenable situation.

As with many other online threats, the best defense consists of multiple layers — a managed and regularly-updated network antivirus suite, restricted access to files not necessary for a given position, reliable backups, and common sense. With all of these protocols in place, CryptoLocker will likely never bother your company or your data.

To help prepare against this and the many new online threats emerging every day, be sure to call or email us today to schedule a complimentary network security consultation.

MSMB Networks — Your IT Professionals!

Christopher C. Wright is the CTO of MSMB Networks, focusing on network and system administration, upgrade planning, disaster recovery, and IT budget analysis in Petaluma and all over Sonoma and Marin Counties. With more than fifteen years of hands-on experience, he is committed to educating and protecting his clients, ensuring they receive the best individualized support possible. Email him at
