What Is CryptoLocker? How to Protect Yourself from It

What is CryptoLocker?

CryptoLocker is ransomware that attacks its victims by encrypting the documents stored on the computer and demanding a ransom for them.

CryptoLocker virus: this is a "malicious program" whose objective is to infect machines that use the Windows operating system.

When Did CryptoLocker Appear?

The first encryption ransomware appeared in 2006-2007. Since then, the number of versions of this virus has kept growing.

It has become one of the most dangerous threats for users. It causes millions of dollars/euros in losses worldwide.

One of the most common ransomware families is CryptoLocker, followed by TeslaCrypt, Wallet, Cerber, and Dharma.

CryptoLocker made its first appearance in late 2013.

A real threat

CryptoLocker spreads mainly through phishing emails (emails that try to trick the user).

Once the computer has been infected, the malware selects a series of files on the hard drives and encrypts them. It uses RSA-2048 encryption with a private key.

The ransomware has already acted

Once the files are encrypted, it sends this key to the cybercriminals' web servers, displays a message on the screen, and requests a ransom for the data.

The attackers show us a list of every encrypted file, and a 3-day countdown appears on our computer for us to make the payment. Otherwise, we will not get our documents back.

In addition, the message indicates that after x hours the key stored on their servers will be deleted. After that, there will no longer be a way to recover our data.

The probability of restoring files compromised by CryptoLocker is very low, around 10%. Today there is no commercial solution that ensures their recovery, so the user will have lost their data forever.

Thus, most of the work should be prevention.

Our recommendation is not to give in to this blackmail. Paying is also a way to encourage them to continue their scam.

What Security Measures Can We Take to Avoid Ransomware?

Install perimeter solutions with anti-spam filtering, since the main entry point for this malware is email.

Avoid downloading files from links in the body of a message that does not come from a trusted sender.

Update the antivirus product to the latest version and make sure its signatures are up to date.

Activate the application control of our antivirus.

Disable the option 'Hide file extensions for known file types', in the 'Folder Options' of Windows File Explorer.

Keep software such as Java, Flash, or Adobe Acrobat updated to the latest versions.

Make periodic backups of our data and test that they can be restored. If we are infected, we will need them.

What to Do if We Are Infected?

If, despite all the measures we have taken, our computer has finally been infected with ransomware, it is important to act prudently so as not to make the situation worse.

Obviously, if we have a backup of our files, we can restore it, as long as we have verified that the computer is no longer infected.

Various manufacturers have released tools that can be useful to try to recover the files:

What to Do After?

Once the computer has been infected, the best we can do is reinstall it and leave it as it came from the factory. This way we make sure that there is no trace of the malware.

Equipment manufacturers offer simple tools to carry out this process. From the Windows recovery options, we can also return the computer to its initial configuration.

Then it is important to install all available updates, both for the operating system and for all the programs we use.

In addition, we will install an antivirus and anti-ransomware system.

Of the files that we have in backup, it is important to eliminate any that we find suspicious.

Finally, it is important to take into account the risks involved in using the equipment. The best way to be protected is to combine updated systems + antimalware software + common sense.
