What is CryptoLocker?

CryptoLocker is a ransomware program that was released around the beginning of September that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files.

This ransom must be paid using MoneyPak vouchers or Bitcoins.

How do you become infected by CryptoLocker?

This infection is typically spread through emails sent to company email addresses that pretend to be customer-support messages from Fedex, UPS, DHS, etc. These emails contain a zip attachment that infects the computer when opened. The zip files contain executables disguised as PDF files: they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe.
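As an added example (not part of the original page), the following Python sketch shows how a mail filter or help desk could check a zip attachment for the disguised executables described above. The extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed with harmless placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension lists for this example; tune them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def classify_name(name):
    """Return a reason string if the name looks like a disguised executable, else None."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    cleaned = name.rstrip(". ")
    # Padding such as "invoice.pdf   .exe" leaves spaces inside a suffix; strip those too.
    suffixes = [s.lower().strip() for s in PurePosixPath(cleaned).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS:
        return f"double extension: {suffixes[-1]} hidden behind {suffixes[-2]}"
    return f"executable inside archive: {suffixes[-1]}"


def scan_zip(zip_bytes):
    """Return [(entry_name, reason)] for suspicious entries in a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reason = classify_name(info.filename)
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample_zip():
    """Constructed sample attachment; contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("FORM_101513.pdf.exe", b"placeholder")
        archive.writestr("FORM_101513.exe", b"placeholder")
        archive.writestr("readme.pdf", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_zip(build_sample_zip()):
        print(name, "->", reason)
```

The check looks only at file names inside the archive, so it catches the naming trick but not executables that have been renamed to a harmless-looking extension.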

Since Microsoft Windows does not show file extensions by default, these attachments look like normal PDF files and people open them. Make sure all your network users are aware of the dangers of opening suspicious emails, and inform Quintech support immediately if suspicious emails have been sent to you.

What should I do if I discover that my computer is infected with CryptoLocker?

When you discover that a computer is infected with CryptoLocker, the first thing you should do is disconnect it from your wireless or wired network.

This will prevent it from further encrypting any files. Call the Quintech support desk immediately on 01386 883802.

Is it possible to decrypt files encrypted by CryptoLocker?

Unfortunately, at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also, any decryption tools that have been released by various companies will not work with this infection.

The only method you have of restoring your files is from a backup, or from Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but this is not always successful. If you do not have System Restore enabled on your computer or reliable backups, then you will need to pay the ransom in order to get your files back (and even then you may not).