Cryptolocker: Forewarned is Forearmed!


Tech Tip #1 – Jan 2016

A gentle word of advice on this potential nightmare called CryptoLocker, hopefully before it happens to you.

I recently had the misfortune of trying to untangle this virus on a business PC, where it had encrypted all the user's files. There were only 2 options available by this stage:

  1. Pay the ransom of £500 to get the encryption key and release the files, or
  2. Wipe the disk and start again.

Unfortunately these are the only options once the files have been encrypted, as the virus has become very adept at removing all means of recovery.

What to do to protect yourself from a CryptoLocker attack?

So the best advice seems to be, as always: run regular backups, and remember to disconnect your external hard disk from the computer once the backup has completed, so that an infection cannot reach the backup copy.
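The backup-and-detach routine above, as an added example that is not part of the original tip: a Python script (all names, including the `docs` folder and the `external-disk` mount point, are hypothetical) that copies a folder into a new timestamped snapshot on the backup disk, records a SHA-256 manifest for it, and only deletes old generations when few files changed since the last run. A mass rewrite of the kind an encryption pass produces therefore leaves the earlier good copies in place. Detaching the disk afterwards is still done by hand, as the tip says.

```python
"""Versioned backup with a change-ratio guard (added example; not from the original tip)."""
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every file under root (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def write_manifest(manifest: Dict[str, str], path: Path) -> None:
    path.write_text("".join(f"{h}  {name}\n" for name, h in manifest.items()))


def read_manifest(path: Path) -> Dict[str, str]:
    out: Dict[str, str] = {}
    for line in path.read_text().splitlines():
        h, _, name = line.partition("  ")
        out[name] = h
    return out


def change_ratio(old: Dict[str, str], new: Dict[str, str]) -> float:
    """Fraction of files in the previous snapshot whose content changed or vanished.
    Normal editing keeps this small; an encryption pass rewrites nearly everything."""
    if not old:
        return 0.0
    changed = sum(1 for name, h in old.items() if new.get(name) != h)
    return changed / len(old)


def list_snapshots(dest_root: Path) -> List[Path]:
    return sorted(p for p in dest_root.iterdir()
                  if p.is_dir() and p.name.startswith("snapshot-"))


def backup(source: Path, dest_root: Path, stamp: str, keep: int = 3,
           max_change: float = 0.5) -> Tuple[Path, float, List[str]]:
    """Copy source into a fresh snapshot, then prune old generations unless the
    change ratio suggests the source has just been mass-rewritten."""
    assert keep >= 1, "always retain at least one earlier generation"
    dest_root.mkdir(parents=True, exist_ok=True)
    previous = list_snapshots(dest_root)
    old = read_manifest(previous[-1].with_name(previous[-1].name + ".manifest")) if previous else {}
    snap = dest_root / f"snapshot-{stamp}"
    shutil.copytree(source, snap)          # raises if snap exists: never overwrite a generation
    new = build_manifest(snap)
    write_manifest(new, snap.with_name(snap.name + ".manifest"))
    ratio = change_ratio(old, new)
    pruned: List[str] = []
    if ratio <= max_change:                # recycle space only when the source looks healthy
        for old_snap in list_snapshots(dest_root)[:-keep]:
            shutil.rmtree(old_snap)
            old_snap.with_name(old_snap.name + ".manifest").unlink()
            pruned.append(old_snap.name)
    return snap, ratio, pruned


def demo() -> Dict[str, object]:
    """Constructed scenario: clean run, one edit, quiet run, then a simulated mass rewrite."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "docs"), Path(tmp, "external-disk")   # hypothetical paths
        src.mkdir()
        names = ("a.txt", "b.txt", "c.txt", "d.txt")
        for name in names:
            (src / name).write_text(f"original {name}\n")
        r1 = backup(src, dst, "001", keep=2)[1]
        (src / "a.txt").write_text("edited\n")                      # one file out of four changed
        r2 = backup(src, dst, "002", keep=2)[1]
        _, r3, pruned3 = backup(src, dst, "003", keep=2)             # nothing changed: oldest pruned
        for name in names:
            (src / name).write_text(f"ENCRYPTED {name}\n")           # constructed mass rewrite
        _, r4, pruned4 = backup(src, dst, "004", keep=2)             # guard refuses to prune
        return {"ratios": (r1, r2, r3, r4), "pruned3": pruned3, "pruned4": pruned4,
                "remaining": [p.name for p in list_snapshots(dst)]}


if __name__ == "__main__":
    print(demo())
```

The guard only prevents the script from deleting good generations; it does not decide for you. Treat a high change ratio as a prompt to stop, leave the disk detached and investigate before the next run, otherwise the rewritten files become the new baseline.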

There is also a free piece of software available called CryptoPrevent, which seems worth running alongside your current virus protection. It sets up blocks that stop the virus from running its encryption routine.

Ill-Gotten Gains

In December 2013 ZDNet traced four bitcoin addresses posted by users who had been infected by CryptoLocker, in an attempt to gauge the operators’ takings. The four addresses showed movement of 41,928 BTC between 15 October and 18 December, about US$27 million at that time.

In a survey by researchers at the University of Kent, 41% of those who claimed to be victims said that they had decided to pay the ransom, a proportion much larger than expected; Symantec had estimated that 3% of victims had paid and Dell SecureWorks had estimated that 0.4% of victims had paid. Following the shutdown of the botnet that had been used to distribute CryptoLocker, it was calculated that about 1.3% of those infected had paid the ransom; many had been able to recover files which had been backed up, and others are believed to have lost huge amounts of data. Nonetheless, the operators were believed to have extorted a total of around $3 million