The UK’s National Crime Agency recently issued an alert on a large spam campaign based on CryptoLocker ransomware that is targeting more than 10 million UK-based email users. Users consider CryptoLocker very insidious: it encrypts the victim’s files and then demands a ransom to restore access. CryptoLocker was first detected in the wild in September 2013. What makes it so insidious is that it encrypts the victim’s data with a strong encryption method, making the data impossible to access without paying the ransom. If the victim doesn’t pay the ransom within 72 hours, CryptoLocker will delete the key needed to decrypt all the files on the PC.
In recent days I have received many requests from readers for guidance on how to protect their machines from CryptoLocker ransomware.
The bad news is that there is no way to decrypt the files without the decryption key; brute force attacks are useless against 2048-bit encryption.
Prevention is essential. Here are some valuable suggestions:
- Avoid opening emails and attachments from unknown sources, especially zip or rar archive files.
- Keep up-to-date defense systems, OS and applications.
- Backup your data.
- Windows 7 users should set up System Restore points; Windows 8 users should configure the system to keep file history.
- If infected, make sure you have reformatted your hard drive to completely remove the CryptoLocker trojan before you attempt to re-install Windows and/or restore your files from a backup.
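
The first suggestion can also be enforced at the mail gateway instead of relying on each user. The following is an added example, not code from any of the tools mentioned in this post: it lists the contents of zip attachments and flags executables hidden inside them, and holds rar attachments for review because the Python standard library cannot inspect them. The extension list, the function names and the sample message are assumptions constructed for the illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# Assumed list of extensions that run code when opened on Windows.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
ARCHIVE_EXTS = {".zip", ".rar"}


def _ext(name):
    """Return the lowercased final extension of a file name, or ''."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""


def triage_attachments(msg):
    """Return a list of (attachment name, reason) findings for one message."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = _ext(name)
        if ext in EXECUTABLE_EXTS:
            findings.append((name, "executable attachment"))
        if ext not in ARCHIVE_EXTS:
            continue
        data = part.get_payload(decode=True) or b""
        if ext == ".rar" or not zipfile.is_zipfile(io.BytesIO(data)):
            # RAR members cannot be listed with the standard library.
            findings.append((name, "archive could not be inspected"))
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                # Only the final extension counts: 'Invoice.pdf.exe' is an exe.
                if _ext(member) in EXECUTABLE_EXTS:
                    findings.append((name, "executable inside archive: " + member))
    return findings


def build_sample():
    """Constructed sample: a message whose zip holds 'Invoice.pdf.exe'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.pdf.exe", b"constructed placeholder bytes")
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Invoice.zip")
    return msg
```

A message with any finding would be quarantined rather than delivered; an empty list means no archive or executable attachment matched.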
Numerous tools to protect a system from CryptoLocker are available on the Internet. HitmanPro.Alert is one of the best free utilities that can defend us from CryptoLocker ransomware. The application contains a new feature, called CryptoGuard, able to detect and neutralize malicious activities.
Other valid tools are BitDefender Anti-CryptoBlocker, an application that can detect and block CryptoLocker ransomware encryption of the user’s data, and CryptoPrevent, which applies a number of settings to the Windows machine to prevent CryptoLocker from ever executing.
IPSs (intrusion prevention systems) can also block CryptoLocker by interfering with its communication with the remote command-and-control server that the malware uses to retrieve the key to encrypt the files.
Let me close with a curious piece of news that demonstrates that no one is secure: a local police department in Swansea, Massachusetts, has paid criminals to decrypt files locked up by the CryptoLocker ransomware on police computer systems, according to local press reports. The department paid $750 for the decryption key to retrieve its files, using Bitcoins as currency.