Cryptolocker

No, it’s not a Halloween ghoul or goblin; it’s much worse than this! Cryptolocker is a new form of malicious ransomware. If Cryptolocker gains access to your PC, you risk losing all of your personal or business-related files, permanently. The ransomware is spread through phishing attacks that use infected emails and websites. Recently, security firms have reported a surge in affected computers. This form of malware is rising fast, with commercial organizations as the primary target.

How Does Cryptolocker Work?

Cryptolocker encrypts your files using asymmetric encryption, which requires a private and a public key. The public key is used to encrypt and verify data, and the private key is used to decrypt. When Cryptolocker infects a computer via email, the email doesn’t appear in the junk email folder. The email appears genuine, with no spelling mistakes, and comes from a convincing email address. When the email is opened, the Cryptolocker software encrypts your data. A private key to unlock the data is stored on the cybercriminal’s server. In order to receive it, you must pay $300 USD to the cybercriminal within the instructed time limit. If the payment isn’t received within the time limit, the private key is destroyed, and your files are deleted forever.

While you can’t open, view, or read your files, cybercriminals with the decryption key can. Any of your documents containing personal information or passwords, along with your videos and photos, could be accessed by the cybercriminals. While there’s currently no evidence of encrypted files being uploaded or sold, it’s definitely a possibility.

What Files Are Commonly Targeted?

The targeted files are commonly found on most PCs. The targeted file extensions include:

accdb, 3fr, ai, arw, cdr, bay, cer, cr2, crt, crw, dbf, der, dcr, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

What To Do?

If you are infected, call Fuelled Networks right away at (613) 828-1384 and we can help you.  Do not pay any money.

Sometimes, it’s possible to recover previous versions of the encrypted files, simply by using System Restore or other recovery software. But if you haven’t got a reliable backup and your computer becomes infected with Cryptolocker, chances are, you’re never going to see your files again. In addition, if your backup device was connected to your computer, your files may not be recoverable. Similarly, all the files in shared network drives connected at the time of the infection could also become encrypted.  Always ensure you have a separate backup that is protected and disconnected from your network drive, so you can recover your data.

To be proactive instead of reactive, follow this advice:

  • Keep Antivirus Software Active and Up to Date
  • Stay Patched by using Up-to-Date Operating Systems and Software
  • Avoid Opening Unexpected Attachments from Unknown Sources
  • Make Regular Backups Stored in Safe Places
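
To check the backup advice against the extension list above, the following added example (not code from Fuelled Networks) walks a data folder and reports every file with a targeted extension that has no copy, or only an older copy, in a backup folder. It assumes the backup mirrors the data folder's relative paths and sits outside it; the function name and the sample tree are constructed for illustration.

```python
import os
from pathlib import Path

# Extensions copied from the list on this page.
TARGETED = set("""accdb 3fr ai arw cdr bay cer cr2 crt crw dbf der dcr dng doc docm docx
dwg dxf dxg eps erf indd jpe jpg kdc mdb mdf mef mrw nef nrw odb odm odp ods odt orf
p12 p7b p7c pdd pef pem pfx ppt pptm pptx psd pst ptx r3d raf raw rtf rw2 rwl srf srw
wb2 wpd wps xlk xls xlsb xlsm xlsx""".split())


def audit_backup(data_root, backup_root):
    """Return (missing, stale) lists of at-risk files, relative to data_root.

    missing: no copy exists under backup_root at the same relative path.
    stale:   a copy exists but the live file was modified after it.
    """
    data_root, backup_root = Path(data_root), Path(backup_root)
    missing, stale = [], []
    for dirpath, _dirs, files in os.walk(data_root):
        for name in files:
            # Compare extensions case-insensitively (photo.JPG counts as jpg).
            if Path(name).suffix.lstrip(".").lower() not in TARGETED:
                continue
            live = Path(dirpath) / name
            rel = live.relative_to(data_root)
            copy = backup_root / rel
            if not copy.is_file():
                missing.append(rel.as_posix())
            elif live.stat().st_mtime > copy.stat().st_mtime:
                stale.append(rel.as_posix())
    return sorted(missing), sorted(stale)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        data.mkdir()
        backup.mkdir()
        for name in ("invoice.xlsx", "photo.JPG", "notes.txt"):
            (data / name).write_text("sample")
        (backup / "invoice.xlsx").write_text("sample")
        os.utime(backup / "invoice.xlsx", (1, 1))  # make the copy older than the live file
        missing, stale = audit_backup(data, backup)
        print("no backup:", missing)
        print("stale backup:", stale)
```

Run it against the disconnected backup while it is temporarily mounted read-only, so the check itself does not leave the backup exposed.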

Contact your IT Managed Services team at Fuelled Networks for more information on how to protect your files from Cryptolocker and other malicious software. Call us today at (613) 828-1384 or email us at info@fuellednetworks.com.
