Top 5 Items To Protect Yourself Against CryptoLocker

As you probably know, CryptoLocker is a particularly nasty piece of malware that encrypts your files, making them unusable. Your computer usually gets infected when you click on a link in an email that downloads CryptoLocker, which then encrypts your files. This leaves the files worthless and unusable unless you know the encryption key. The only way to recover is to either restore from a backup or pay a ransom in Bitcoin to obtain the encryption key. Here are some tips on how to recover gracefully and how to avoid getting infected in the first place:

  1. Get good backups. If you get infected with CryptoLocker but have a good backup, you should be able to quickly recover by restoring from the previous day's backup. Ideally, this backup should be stored locally and not in the cloud so you can recover quickly if you have to fix a large number of files and the files are large.
  2. Install a good a link will be able to block any new variants of CryptoLocker.
  3. Fully review any emails before clicking links or opening an attachment. Prevention is worth a metric ton of cure. It's much better not to get infected in the first place. Before you click on anything in an email, carefully review the following:
    1. Sender.  Do you know the sender?
    2. Subject.   Is it generic or something you were expecting?
    3. Attachments.  Does the email contain an attachment?  Were you expecting an email with an attachment from the sender?
    4. Links.  Carefully review the link. Hover over the link with your mouse and carefully review the text displayed when you hover over the link.  Review the text between the http:// and the / (highlighted in orange).  Here's an example of a phishing email from Southwest to check your Rapid Rewards status:
      1. https://www.southwest.com/rapidrewards - good! The text between the https:// and / is www.southwest.com, which is a legitimate domain and is difficult to spoof or fake.
      2. https://www.clickme.com/southwest.com/rapidrewards - bad!!!! The text between the https:// and / is www.clickme.com, which has nothing to do with Southwest. Notice that the text in the link after the www.clickme.com does have text referring to Southwest, but this text is very easy to change and is trying to trick you into clicking on the link and downloading malware.
  4. If you suspect an infection, shut down your computer and notify your IT department. If you suspect an infection, shut down your computer immediately. If your computer is infected with CryptoLocker, the longer your computer is left on, the more files you will damage, and the less popular you will be.
  5. Install a firewall that can scan for malware on encrypted connections. One of the reasons why CryptoLocker is so effective is that the link to download the malware is often encrypted, so it will get by firewalls that check for malware. Some firewalls like SonicWall have the option of decrypting the traffic, inspecting the traffic (and blocking it if the firewall determines it is malware) and then re-encrypting it. This can give you added protection against this type of malware.
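
The link check from tip 3 can also be automated, for example in a mail filter or a training tool. The sketch below is an added example, not code from the original post: it judges a link only by the text between the `https://` and the next `/`, and also covers a few look-alike forms the post does not list. The trusted-domain list, function names and the extra sample links are assumptions made up for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains you actually expect mail from (constructed list).
TRUSTED_DOMAINS = {"southwest.com"}


def link_host(url):
    """Return the lowercase host between '://' and the next '/', or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any 'user@' prefix and ':port' suffix
    except ValueError:  # malformed link: treat as having no usable host
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'good' only if the host is a trusted domain or its subdomain."""
    host = link_host(url)
    if host is None:
        return "bad"
    for domain in trusted:
        # The path is never consulted: only the host decides.
        if host == domain or host.endswith("." + domain):
            return "good"
    return "bad"


# The first two links are the post's own examples; the rest are constructed.
SAMPLES = [
    "https://www.southwest.com/rapidrewards",
    "https://www.clickme.com/southwest.com/rapidrewards",
    "https://southwest.com.clickme.com/rapidrewards",         # brand as subdomain
    "https://www.southwest.com@www.clickme.com/rapidrewards",  # brand before '@'
    "https://notsouthwest.com/rapidrewards",                  # brand as suffix only
]


def classify_all(urls):
    """Map each link to (host, verdict) so the deciding text is visible."""
    return {u: (link_host(u), check_link(u)) for u in urls}


if __name__ == "__main__":
    for url, (host, verdict) in classify_all(SAMPLES).items():
        print(f"{verdict:4}  host={host}  {url}")
```

Only the first sample comes back as good; in every other case the host that would actually be contacted is not a Southwest domain, no matter where the word "southwest" appears in the link.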

Unfortunately this type of malware is just the beginning of a new breed of malware.  It will continue to get worse.  End user training is an important step to prevent infections.  Please be safe out there!
