We explain what CryptoLocker is. Plus: how to stop CryptoLocker stealing your data. (See also: How to avoid the best malware scams.)
QUESTION I've read about a new piece of malware called CryptoLocker and I'm worried that I might be vulnerable to losing all my files. How can I ensure I'm protected against it? I believe that many antivirus programs can't get rid of it. (See also: what's the best antivirus?)
HELPROOM ANSWER Your concerns are valid as CryptoLocker is a particularly nasty piece of malware that can effectively destroy files on Windows-based PCs beyond the ability of any data recovery process (see our other feature: how to protect yourself from CryptoLocker). Unlike other viruses, which may simply delete your files, allowing for the possibility of some file recovery, CryptoLocker will securely encrypt them, making recovery impossible without the encryption key held by the attackers. This is offered only in exchange for a ransom payment.
Paying the required fee is also no guarantee that your files will be decrypted and restored to you. Other malware has employed similar tactics in the past, but CryptoLocker's encryption is much more secure and is currently not possible to crack.
The steps to guard against CryptoLocker are essentially the same good practices that should be employed to guard against any malware attack or hardware failure:
Make sure you're using antivirus software and that it's kept up to date. Thankfully, most antivirus applications can now detect and remove CryptoLocker, but they are only of use if they catch it before the encryption occurs.
Also make sure that you regularly back up all your data. These backups should be in a form that's disconnected from your computer, as CryptoLocker will seek out any connected USB drives and network shares, and attempt to encrypt those files, too. This can also apply to files being synced to Cloud services, although you should often be able to retrieve previous, and therefore unencrypted, versions of these files via the Cloud service provider. Users of Windows starting with XP Service Pack 2 may also be able to retrieve previous (and therefore unencrypted) versions of their files, by right-clicking on an encrypted file and selecting Properties, then 'Previous Versions'.
For peace of mind, it's a good idea to perform an image backup right now and store it on a USB drive that you don't keep permanently connected.
Email is CryptoLocker's primary mode of attack, so avoid opening any email attachments from untrusted sources or that appear in any way suspicious. This should include attachments sent from banks or financial institutions and, particularly in the case of CryptoLocker, from courier companies or from Companies House. Also ensure the email scanning feature of your antivirus software is configured and enabled.
If you want to check right now whether CryptoLocker has found its way onto your PC, you can download and run Malwarebytes Anti-Malware. This will scan for the Trojan and remove it for you if discovered.
If CryptoLocker has already encrypted your files, then it will display a message demanding payment. Unfortunately, by this time it's too late to recover your files if they are not backed up. You will then have to consider whether to give in to the attackers' demands for the slim chance of receiving a decryption key. (See also: Cryptolocker: The evolution of extortion.)
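The backup advice above rests on two things you can check on your own PC: which USB drives and network shares are connected right now (and so within CryptoLocker's reach), and whether Windows holds any Previous Versions snapshots to fall back on. The PowerShell script below is an added example, not part of the original answer; it assumes PowerShell 3.0 or later run from an elevated (administrator) prompt, and the variable names are illustrative.

```powershell
# Added example: list the storage that malware running as you could reach,
# and the shadow copies that back the 'Previous Versions' tab.
# Run elevated: querying Win32_ShadowCopy requires administrator rights.

$driveTypes = @{ 2 = 'Removable (USB)'; 3 = 'Local disk'; 4 = 'Network share' }

# 1. Every drive letter that is mounted at this moment.
$reachable = Get-CimInstance -ClassName Win32_LogicalDisk |
    Where-Object { $driveTypes.ContainsKey([int]$_.DriveType) } |
    ForEach-Object {
        [pscustomobject]@{
            Drive  = $_.DeviceID
            Type   = $driveTypes[[int]$_.DriveType]
            Target = $_.ProviderName   # UNC path when the drive is a mapped share
            Label  = $_.VolumeName
        }
    }

# 2. Shadow copies per volume, matched on the volume GUID path.
$volumes = Get-CimInstance -ClassName Win32_Volume | Where-Object DriveLetter
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
$snapshots = foreach ($v in $volumes) {
    $mine = @($shadows | Where-Object { $_.VolumeName -eq $v.DeviceID })
    [pscustomobject]@{
        Drive     = $v.DriveLetter
        Snapshots = $mine.Count
        Newest    = ($mine | Sort-Object InstallDate | Select-Object -Last 1).InstallDate
    }
}

$reachable | Format-Table -AutoSize
$snapshots | Format-Table -AutoSize

# 3. Flag anything that is not a local disk: a backup kept there is only
#    safe while the drive is unplugged or the share is disconnected.
$exposed = @($reachable | Where-Object { $_.Type -ne 'Local disk' })
if ($exposed.Count -gt 0) {
    Write-Warning ("Connected now and writable by malware: " +
        (($exposed | ForEach-Object { $_.Drive }) -join ', '))
}
if (-not ($snapshots | Where-Object { $_.Snapshots -gt 0 })) {
    Write-Warning 'No shadow copies found; Previous Versions will have nothing to restore.'
}
```

If your backup drive shows up in the first table when you are not in the middle of a backup, unplug it.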