WARNING ABOUT A REALLY NASTY NEW VIRUS.
Meet CryptoLocker. It's your worst nightmare. A lot of antivirus software, including the big names, cannot yet detect or stop it. If your computer gets it, CryptoLocker takes all your files hostage by encrypting them and giving you a certain amount of time to send a certain amount of money to the man behind the virus.
The encryption is very tidy, and so far seems uncrackable (well, crackable, but it might take a couple centuries). If you tamper with the virus itself, it will pretty much self-destruct and take everything with it. And the way the money is transferred, the dick programmer behind it all for the moment is pretty much uncatchable.
YOU CANNOT GET RID OF THIS VIRUS WITHOUT COMPLETELY WIPING YOUR COMPUTER. YOUR ONLY CHANCE IS PREVENTION AND PREPARATION.
Back up your computer to something like an external hard-drive, or even an internal hard-drive that you just take out and stuff away somewhere for safe keeping. Make sure your antivirus is up to date, avoid skeevy sites, and don't open random emails. DO NOT download email attachments unless you know exactly what it is, because that seems to be how this is primarily being transmitted.
Virus Alert: CryptoLocker Ransomware
A new file-encrypting variant of ransomware called CryptoLocker has begun popping up in recent weeks, and this one is particularly troublesome. When this destructive new virus infects a computer, it encrypts all data files on the computer as well as any files available via mapped drives on connected servers. The virus then demands money from the victim for a private key that will decrypt the files and gives a time limit before the private key is destroyed.
Cryptolocker (also called crilocker or crilock) is just the latest in the growing category of ransomware – which, as the name suggests, is a form of malware that typically holds data hostage and attempts to extort money from victims.
How CryptoLocker Works
Reports indicate that Cryptolocker infection is primarily spreading via email attachments and links, often claiming to be regarding a dispute notification. Once the computer is infected, the virus uses a RSA 256 bit AES key to encrypt all data on the drive and mapped network drives. After all data has been encrypted, victims receive an alert such as the one in the above screenshot, in which either $100 or $300 is demanded in return for the decryption of the data. Victims can choose to go to a backup, attempt to restore to a previous version, pay the ransom via GreenDot Money Pak (which will effectively decrypt the data), or say goodbye to the encrypted data. The timer is functional, and the opportunity to pay for the data will no longer be available once the time lapses.
This virus works regardless of whether the user is logged in as an administrator or not, and infection has been reported on Windows XP through Windows 7. Several antiviruses have been reported to not catch the virus until the data is infected – including Kaspersky, Microsoft Essentials and Eset.
How to Avoid Losing Data to CryptoLocker Infection
While removal of the virus itself is not difficult, CryptoLocker is the only source able to provide the private key to decrypt the infected data, and removing the virus after infection will not help. At this point, preventing CryptoLocker comes down to smart, cautious PC use. The best defense is to keep proper backups of data that goes back several weeks. Along with vigilant backups, it is crucial for users to avoid careless browsing and to only click links and email attachments that are known with certainty to be from trusted sources.
For further information about CryptoLocker, visit this Reddit thread (but do not click any links within the thread).