Cryptolocker is a particularly virulent strain of ransomware which the FBI has estimated infected 234,000 computers in the first two months of its life, and has cost victims $27 million in ransom payments.
When a machine is infected, Cryptolocker encrypts the user’s files (documents, spreadsheets, photos and the like, on local disks and on any mapped network drives it can write to) with a key held only by the attackers, denying them access to their data. The machine itself still boots; it is the data that is held hostage. This can be crippling for businesses, and heart-breaking when personal family photos are affected.
Users are then held to ransom: the cybercriminals behind the malware demand payment of one Bitcoin (approx. $650 at the time) to decrypt the data.
The chief suspect has been identified, but Troels Oerting, head of Europol’s European Cybercrime Centre (EC3), told the Guardian that he was still at large.
This week the FBI, Europol and other law enforcement bodies worked together to seize control of the global network of infected computers, focusing on Cryptolocker’s primary delivery method, the Gameover Zeus (GOZ) botnet.
Despite this victory, however, Andy Archibald, deputy director of the UK’s National Crime Agency (NCA), warned that it would not take long before other criminals forked the malware and began exploiting it again:
‘Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people… can stop that from happening to them. Whether you find online security complicated or confusing, or simply haven’t thought about keeping your personal or office computers safe for a while, now is the time to take action.’
The non-profit Get Safe Online organization has worked with the NCA to provide Windows users with advice on protecting against malware, and the Guardian has published the following list of precautions everyone should take:
• Ensure your operating system and security software are regularly updated
• Consider investing in reputable anti-virus tools, including specialist Cryptolocker prevention kits
• Don’t open attachments from unknown sources or from emails that appear to be from a legitimate source but are suspicious
• Regularly back up important data and keep the backup on storage that is disconnected from the machine when not in use; Cryptolocker encrypts any drive it can write to, so an always-attached backup disk is encrypted along with the originals
• Consider moving more data to cloud services offered by Google and others, preferably ones that keep previous versions of files; a synced folder that appears as a local or mapped drive will be encrypted like any other
• Businesses should review their incident response and resilience procedures and monitor for signs of infection
• Ensure staff are educated in good computing practices and how to spot threats
• Use software to identify if a computer is infected. If so, disconnect it from networks immediately and seek professional advice
• If you believe you have been compromised, change online account passwords and network passwords after removing the system from the network
• Block executable attachments (.exe and similar) over email, including inside ZIP files. Most anti-spam gateways can do this.
To this we would add that if you absolutely have to open a file you are not sure about, do so in Sandboxie (or a similar program that isolates it from the rest of your system). Opening the file in an OS installed in a virtual machine gives similar protection, provided the virtual machine has no shared folders or network drives that hold data you care about.