First off, a little back story. If you don’t know what CryptoLocker is, it is a very effective piece of malware. Specifically, it is a type of malware that holds your information for ransom. Once installed in a system, it will communicate with some website to acquire an encryption key. OpenDNS and Cisco Web Security, mentioned in my previous post, can help in blocking the malware’s encryption key request. When this happens, the malware will still exist on the computer, but without the encryption key, it cannot encrypt anything.
The malware uses this encryption key to encrypt all important files that the computer can reach. This is not confined to files on your computer; it can extend to files on your company’s file server. Unfortunately, most of this malware implements the encryption well. There are only two options for recovering these encrypted files: pay the ransom or restore from the last good backup.
You might be thinking “I have antivirus installed and running, won’t I be protected already?”
The short answer is no. Look for a future post where we discuss how some malware can evade even the best antivirus software.
There is free software that can help protect you from crypto-malware. CryptoPrevent is an application focused on blocking the various kinds of crypto-malware. A paid version also exists, which provides automatic updates. At a one-time cost of $15, it is an easy answer to a large problem.
The software is typically not deployed in an office environment, as there is no great way to centrally manage it across many computers. Check with your IT department about installing CryptoPrevent on your computer, and definitely try it at home.
I encourage everyone to try the free version and, if you like it, pay for the automatic updates.